While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
As a new president prepares to take office, it’s worth thinking about how the Trump administration will seek to change or maintain federal IT priorities of the Obama administration.
For starters, politically appointed CIOs at federal agencies will be tendering their resignations, leading to new leadership at agencies. That may lead to delays in smaller IT priorities. “Obviously, it will vary significantly from agency to agency, but generally it is quite disruptive,” Richard Spires, the former CIO of the Department of Homeland Security who now serves as CEO of the IT training firm Learning Tree International, recently told CIO magazine.
President-elect Donald Trump did not articulate a detailed technology policy before the election, but did heavily emphasize cybersecurity. However, the federal bureaucracy is likely to keep moving forward with many IT priorities the Obama administration has put in place. Here’s a look at some key federal IT trends to watch next year. This is by no means exhaustive, and please let us know in the comments if you think we've missed a key trend.
Earlier this month, President Obama’s Commission on Enhancing National Cybersecurity issued its final report, which includes 53 specific “action items” for the incoming administration to continue addressing. The commission, which Obama set up in February as part of his Cybersecurity National Action Plan, recommends that, in many cases, the government work with the private sector to strengthen cybersecurity.
Cyberattacks will likely grow more numerous and sophisticated during the Trump administration, and will demand a governmentwide response.
Before the election, Trump said he would order an immediate review of all U.S. cyberdefenses and vulnerabilities, including critical infrastructure, by “a Cyber Review Team of individuals from the military, law enforcement and the private sector.” This team would then “provide specific recommendations for safeguarding different entities with the best defense technologies tailored to the likely threats, and will be followed up regularly at various federal agencies and departments.” The team would “also establish detailed protocols and mandatory cyber awareness training for all government employees while remaining current on evolving methods of cyber-attack.”
The Obama report recommended that the Trump administration launch a program to train 100,000 cybersecurity practitioners and initiate a national cybersecurity apprenticeship program to train 50,000 more by 2020. The report also recommends the administration create a national public–private initiative to achieve major security and privacy improvements by increasing the use of strong authentication to improve identity management.
In terms of its more inventive recommendations, the report says that, “to improve consumers’ purchasing decisions, an independent organization should develop the equivalent of a cybersecurity ‘nutritional label’ for technology products and services —ideally linked to a rating system of understandable, impartial, third-party assessment that consumers will intuitively trust and understand.”
How the Trump administration goes about creating a cyber policy — developing norms around acceptable behavior in cyberspace — will affect a great deal of federal tech policy in the years ahead.
After the Obama administration proposed a $3.1 billion IT Modernization Fund (ITMF), Congress took up the issue, only to see momentum wane at the end of the year.
In September, the House of Representatives passed the Modernizing Government Technology Act of 2016, which didn’t appropriate any new money, but would have authorized working capital funds at the 24 agencies governed by the Chief Financial Officers Act of 1990. As FCW reported, these funds “drive IT modernization and bank the savings achieved from retiring expensive legacy IT and shifting to managed services.” The bill also authorized a governmentwide revolving fund that the GSA would manage, akin to the ITMF.
However, the Senate failed to act on the bill. Rep. Will Hurd (R-Texas), the author of the MGT Act, told FedScoop that while he was disappointed that it did not become law, “we have an opportunity in less than a month to get back at this and do it again” when the 115th Congress convenes.
The federal government spends roughly 80 percent of its $80 billion annual IT budget on maintaining legacy systems, many of which were designed to automate processes, and some of which are decades old. Given that, the need for IT modernization isn’t going away.
In August, the Office of Management and Budget officially released its Data Center Optimization Initiative (DCOI), which is aimed at consolidating inefficient data center infrastructure, optimizing existing facilities, improving security, achieving cost savings, and pushing toward more energy-efficient infrastructure, cloud services and interagency shared services.
To comply with DCOI, agencies will have to meet five metrics for tiered data centers by Sept. 30, 2018. Those metrics are:
Agencies are likely to spend most of 2017 moving to achieve those goals. The Defense Department, which is behind schedule on data center closures, said in August that it would launch a “data center closure team to assess and recommend closures of the costliest and least efficient facilities beginning in the first quarter of fiscal year 2017.” That work began in November.
The Defense Department set a goal earlier this year of migrating 4 million devices to Microsoft’s Windows 10 platform by Jan. 31, 2017, and while DOD CIO Terry Halvorsen said in September that the department would not meet the goal, he said the Pentagon is still pressing ahead.
Both the Army and Air Force are not going to meet the goal, in part because of the difficulty of moving legacy applications and programs, but they are moving to upgrade their systems. The DOD is pushing the migration in large part because of enhanced cybersecurity protections that come with the new platform. The Pentagon is migrating to the Windows 10 “Secure Host Baseline,” which includes not only the Windows 10 operating system but also additional secure applications that have been preconfigured.
Other agencies are also pushing forward with migrations to Windows 10, including the Transportation Security Administration and Social Security Administration.
As agencies modernize their IT and move to put more data into the cloud, they will likely try to achieve both of those goals by adopting Windows 10 and moving off of older and less-secure versions of Microsoft’s operating system.