Legislation to Modernize Federal IT Reintroduced in CongressLegacy IT Seen as a Threat to Security
A bipartisan group of lawmakers has introduced legislation to modernize the U.S. federal government's information technology, a measure that, if enacted, could improve system security.
"A move toward modern technologies can keep our information and digital infrastructure secure from cyberattacks, while saving billions of taxpayer dollars," said the prime sponsor of the Modernizing Government Technology Act, Rep. Will Hurd, the Texas Republican who chairs the House Information Technology Subcommittee. A similar bill was to be introduced in the Senate.
The measure would require each agency to establish an IT modernization and working capital fund, which would be financed through redirecting funds intended for the operation and maintenance of legacy systems. Savings could be applied to new IT acquisitions.
Many federal information systems are antiquated, some dating back nearly a half century. Legacy systems often cannot be patched to defend against emerging threats and vulnerabilities because the technology doesn't exist to update them. Modernizing IT also includes adopting widespread use of cloud computing. Cloud computing is seen as being more secure than stand-alone systems because reliable cloud providers are better positioned to update and patch the systems they operate, something many agencies and businesses find hard to do because of costs and lack of the necessary in-house skills.
"Agencies ... moving wholesale to a modern cloud-based infrastructure is not only much more cost effective, but actually is more secure than relying on the legacy data centers many agencies continue to operate," says Learning Tree International Chief Executive Richard Spires, the onetime CIO at the Department of Homeland Security and Internal Revenue Service.
The federal budget for the current fiscal year earmarks more $82 billion for information technology, with 78 percent of that figure slated for maintaining legacy systems, according to the Federal CIO Council.
A government watchdog questions the value of that investment in IT support. Federal legacy IT investments are becoming increasingly obsolete: Many of these systems use outdated software languages and hardware components that are unsupported, creating significant security risks, according to the Government Accountability Office. The Office of Management and Budget recently began an initiative to modernize, retire and replace the legacy IT systems, but GAO says the government runs the risk of maintaining systems that have outlived their effectiveness until agencies fully execute this initiative.
Investing in new technology has proven to be a money saver, as well. Researchers Min-Seok Pang of Temple University and Huseyin Tanriverdi of the University of Texas say their investigation revealed that every 1 percentage point increase in new IT development spending is associated with a 5 percent decrease in security breaches.
"Agencies that invest more in new IT development and modernization experience fewer security breaches than ones that invest more in maintenance of legacy systems," Pang and Tanriverdi wrote in a white paper titled Security Breaches in the U.S. Federal Government, which they published last month. "Outsourcing legacy systems to the cloud also reduces the frequency of security breaches."
In the last Congress, the House approved a similar measure, but that bill died in the Senate because of cost concerns. The Congressional Budget Office estimated the 2016 bill would have cost $9 billion to implement, which scared some senators from supporting it. Hurd and other bill sponsors disputed the CBO estimate. Hurd, in an interview with Federal News Radio, said he's working with CBO to get a more realistic estimate of the bill's costs. "We feel good about it," he said. "We have more time in order to talk to our friends on the Senate side. The White House is behind this firmly and will be working with us to make sure this gets passed."