President Trump has requested $228 million from Congress for an information technology modernization fund that agencies could use to upgrade high-priority legacy systems. The idea builds off a similar plan from the last year of the Obama administration, but takes a more cautious approach.
The Obama plan called for a more aggressive spend, requesting more than $3 billion per year. The Trump administration plan takes a more “wait and see” approach, using the $228 million as essentially a pilot program to see how such a fund would work.
“We understand that $228 million is obviously small in proportion to the $90 billion we spend each year on technology, but given the central board will have a bird’s eye view on agency needs, it will fund the highest priorities,” an Office of Management and Budget (OMB) official told Federal News Radio in May.
The fund is a step in the right direction if it can make it through Congress. There is no shortage of stories from government agencies running mission-critical programs on legacy systems – some more than 40 years old. The Trump administration sees the need to fix these, so even though the plan calls for less funding than originally hoped, it could be the start of a major breakthrough. This funding – and focus – can also help to lock-down these systems.
Building-in Security
Legacy systems bring with them a host of challenges. They are expensive to operate, can be difficult to find people knowledgeable with how to use them and the systems themselves cannot communicate easily with modern technology. These are all important, but more than anything else, legacy systems lack security.
As federal agencies use the new modernization fund to bring older systems up-to-speed, they need to keep the security component top of mind. Security needs to be built into these systems from the beginning. Too often federal agencies have fallen into the trap of finding a system that fills a need and trying to bolt-on products in an attempt to secure it later. This leads to larger problems down the road and results in significantly more complex environments – as well as much higher costs over the life of the system.
The right system for any agency must first be secure. The security program needs to provide low levels of risk, meet compliance and framework standards and be able to communicate/integrate with other tools and technologies.
In a way, legacy systems have taken the eyes away from government technology leaders by limiting their visibility into the system itself. In order to be effective, federal technology leaders need this visibility into the security of their systems. Modern systems can offer this capability, but only if constructed correctly, from the ground up, as agencies deliver on their modernization efforts.
It is wonderful that the administration will provide a way for federal agencies to begin improving legacy systems. Now it is up to the agencies to make sure the modern systems that are brought in fix the problems legacy systems created in the first place, including security vulnerabilities and a lack of agency control.
Stay tuned for future content on this blog around how agencies can modernize their security programs as they modernize their legacy environments.