By John K. Higgins
Jan 29, 2021 4:00 AM PT
The incoming presidential administration has proposed a stunning increase in support of federal investments in high technology. As part of the administration’s plan to deal with the economic impact of COVID-19, the Biden proposal includes $10 billion for various federal information technology programs.
The single most visible component of the plan is a proposal to allocate $9 billion for the federal Technology Modernization Fund (TMF). The fund was created by the Modernizing Government Technology Act of 2017, and provides “an innovative funding vehicle that gives agencies additional ways to deliver services to the American public more quickly, better secure sensitive systems and data, and use taxpayer dollars more efficiently,” according to the General Services Administration (GSA). Projects approved for support from the fund receive incremental funding and technical expertise to ensure project success.
The TMF received $100 million in fiscal 2018 to fund modernization projects, and another $25 million in fiscal 2019. The Trump administration’s budget for 2020 requested an additional $150 million. Agencies which receive the incremental funding must “repay” the fund within five years so as to create a revolving support mechanism. However, the Biden proposal seeks Congressional approval “to change the fund’s reimbursement structure in order to fund more innovative and impactful projects.”
Among projects that have been selected for TMF assistance are a Unisys Mainframe Migration program, an Enterprise Cloud Email initiative, and an Infrastructure Optimization and Cloud Adoption project.
Cybersecurity Tilt with a Modernization Chunk
Still, the $9 billion in TMF funding in the Biden proposal dwarfs the current level of federal support. The total $10-billion effort is largely focused on cybersecurity-related investments, but a good portion will be allocated to other IT modernization efforts.
The TMF spending is intended to “help the U.S. launch major new IT and cybersecurity shared services at the Cyber Security and Information Security Agency (CISA) and the General Services Administration and complete modernization projects at federal agencies,” according to a Biden transition team statement. The Biden plan specifically cited security concerns stemming from the hacking of software provider SolarWinds and other entities which affected many federal agencies.
Other components of the $10-billion effort include provisions to:
- Surge cybersecurity technology and engineering expert hiring. This includes providing the federal Information Technology Oversight and Reform fund with $200 million to facilitate the rapid hiring of hundreds of experts to support the federal Chief Information Security Officer and the U.S. Digital Service.
- Build shared, secure services to drive transformational projects, such as investing $300 million in no-year funding for Technology Transformation Services in the General Services Administration, designed to drive secure IT projects forward without the need of reimbursement from agencies.
- Improving security monitoring and incident response activities. An additional $690 million boost for CISA will bolster cybersecurity across federal civilian networks and support the piloting of new shared security and cloud computing services.
The Biden plan understandably drew prompt support from the IT sector. The proposals “provide a critical plan to help the United States recover from the devastating COVID-19 pandemic and its economic impact,” said Jason Oxman, president and CEO of the Information Technology Industry Council (ITI). “Digital technology will be an essential partner to ensuring that the U.S. is more resilient moving forward. We are committed to working with the Biden-Harris Administration to promote these policies and aggressively advance U.S. economic recovery and growth,” he said.
The plan “importantly calls for long-overdue and needed modernizations to federal information technology and cybersecurity,” Oxman noted. “These investments in technology infrastructure, tools, and workforce are essential to ensure recovery from the SolarWinds breach, and to deliver modern and secure citizen services and critical networks,” he said. The Biden plan embraced a set of policies and proposals that ITI issued as recommendations to the new administration.
Opportunities for the Commercial Sector
“Earmarking $9 billion for the Technology Modernization Fund, shows the incoming administration clearly understands its unique value proposition of IT modernization and how important effective technology infrastructure will be for supporting agency efforts, particularly as it relates to accelerated COVID-19 responses,” said Matthew Cornelius, executive director of the Alliance for Digital Innovation (ADI).
The requests for IT and cybersecurity funding for use in addition to the TMF, including the Cybersecurity and Infrastructure Security Agency, indicate “a robust response to the recent SolarWinds hack, and enables these agencies to provide critical technology and cybersecurity services to the entire federal government,” ADI said in a statement.
The plan will “dramatically increase the use of commercial technologies in government and provide for a more robust, effective response to the COVID-19 pandemic and the economic recovery,” according to ADI.
Funding the Plan Could Be an Issue
However, the potentially positive impact of the Biden plan for both federal agencies and commercial providers who market IT offerings to the federal government should be put into the context of several factors related to spending and cybersecurity management, according to John Slye, an advisory research analyst at Deltek.
First is the approach to funding. The impetus of implementing the plan as part of a new administration, coupled with the motivation of dealing with the affect if COVID-19 not only in terms of public health, but also the health of the economy, may spur Congress to act quickly to approve the $10-billion plan. But Slye points out that while Congress has supported the Technology Modernization Fund, legislators have taken a cautious approach in providing money.
A proposal to support the fund with a boost of $1 billion as part of a much larger recovery plan ended when the recovery proposal failed in the Senate last year.
“Further, the General Accountability Office (GAO) has raised concerns with the TMF program’s ability to collect on the fund reimbursements from agencies and some in Congress share this concern. The Biden proposal urges Congress to change the TMF reimbursement structure, but it is unclear what that means, exactly and whether that means removing the reimbursement requirement all together,” Slye told the E-Commerce Times.
Also, the normally cumbersome congressional budget process could delay any immediate approval and resultant actual spending. Most likely the budget approval will be part of the federal fiscal year 2022 process — which begins Oct. 1, 2021 — so there’s an outside chance some spending could occur before the end of the calendar year.
In addition, while an increase in federal IT and cybersecurity support of such a magnitude will no doubt help agencies to modernize operations and bolster security, money is not the only factor for upgrading performance, Slye observed. Another factor is that obtaining qualified personnel in the technology continues to be a challenge for the federal government in competition with the private sector.
Practice Cybersecurity Fundamentals
A common observation among cybersecurity experts both inside and outside government is that 80 percent of vulnerabilities could be removed through keeping software patching up-to-date, and observing basic practices like requiring strong passwords, he noted.
“Much of this comes down to ‘practicing the fundamentals of the game,’ to use a sports metaphor. So often, high-profile breaches may be traced back to things that were preventable through basic cybersecurity practices and equipping the general IT user with the security awareness to spot phishing attempts, and so forth.
“These basic cybersecurity fundamentals will remain a key element to maintaining a strong cybersecurity posture, no matter how much we spend on modernizing systems,” Slye said.