Dec 22 2016

What’s Ahead for Federal IT in 2017?

Building a cybersecurity strategy, IT modernization, data center consolidation, and Windows 10 adoption will likely be at the forefront of federal technology next year.

As a new president prepares to take office, it’s worth thinking about how the Trump administration will seek to change or maintain federal IT priorities of the Obama administration.

For starters, politically appointed CIOs at federal agencies will be tendering their resignations, leading to new leadership at agencies. That may lead to delays in smaller IT priorities. “Obviously, it will vary significantly from agency to agency, but generally it is quite disruptive,” Richard Spires, the former CIO of the Department of Homeland Security who now serves as CEO of the IT training firm Learning Tree International, recently told CIO magazine.

President-elect Donald Trump did not articulate a detailed technology policy before the election, but did heavily emphasize cybersecurity. However, the federal bureaucracy is likely to keep moving forward with many IT priorities the Obama administration has put in place. Here’s a look at some key federal IT trends to watch next year. This is by no means exhaustive, and please let us know in the comments if you think we've missed a key trend. 

Cybersecurity Takes Center Stage

Earlier this month, President Obama’s Commission on Enhancing National Cybersecurity issued its final report, which includes 53 specific “action items” for the incoming administration to continue addressing. The commission, which Obama set up in February as part of his Cybersecurity National Action Plan, recommends that, in many cases, the government work with the private sector to strengthen cybersecurity.

Cyberattacks will likely grow more numerous and sophisticated during the Trump administration, and will demand a governmentwide response.

Before the election, Trump said he would order an immediate review of all U.S. cyberdefenses and vulnerabilities, including critical infrastructure, by “a Cyber Review Team of individuals from the military, law enforcement and the private sector.” This team would then “provide specific recommendations for safeguarding different entities with the best defense technologies tailored to the likely threats, and will be followed up regularly at various federal agencies and departments.” The team would “also establish detailed protocols and mandatory cyber awareness training for all government employees while remaining current on evolving methods of cyber-attack.”

The Obama report recommended that the Trump administration launch a program to train 100,000 cybersecurity practitioners and initiate a national cybersecurity apprenticeship program to train 50,000 more by 2020. The report also recommends the administration create a national public–private initiative to achieve major security and privacy improvements by increasing the use of strong authentication to improve identity management.

In terms of its more inventive recommendations, the report says that, “to improve consumers’ purchasing decisions, an independent organization should develop the equivalent of a cybersecurity ‘nutritional label’ for technology products and services —ideally linked to a rating system of understandable, impartial, third-party assessment that consumers will intuitively trust and understand.”

How the Trump administration goes about creating a cyber policy — developing norms around acceptable behavior in cyberspace — will affect a great deal of federal tech policy in the years ahead.

IT Modernization Remains a Key Issue

After the Obama administration proposed a $3.1 billion IT Modernization Fund (ITMF), Congress took up the issue, only to see momentum wane at the end of the year.

In September, the House of Representatives passed the Modernizing Government Technology Act of 2016, which didn’t appropriate any new money, but would have authorized working capital funds at the 24 agencies governed by the Chief Financial Officers Act of 1990. As FCW reported, these funds “drive IT modernization and bank the savings achieved from retiring expensive legacy IT and shifting to managed services.” The bill also authorized a governmentwide revolving fund that the GSA would manage, akin to the ITMF.

However, the Senate failed to act on the bill. Rep. Will Hurd (R-Texas), the author of the MGT Act, told FedScoop that while he was disappointed that it did not become law, “we have an opportunity in less than a month to get back at this and do it again” when the 115th Congress convenes.

The federal government spends roughly 80 percent of its $80 billion annual IT budget on maintaining legacy systems, many of which were designed to automate processes, and some of which are decades old. Given that, the need for IT modernization isn’t going away.

Data Center Consolidation Proceeds Apace

In August, the Office of Management and Budget officially released its Data Center Optimization Initiative (DCOI), which is aimed at consolidating inefficient data center infrastructure, optimizing existing facilities, improving security, achieving cost savings, and pushing toward more energy-efficient infrastructure, cloud services and interagency shared services.

To comply with DCOI, agencies will have to meet five metrics for tiered data centers by Sept. 30, 2018. Those metrics are:

  • Install energy-metering tools in all tiered data centers to measure power consumption.
  • Maintain a Power Usage Effectiveness (PUE) score of less than 1.5, but preferably less than 1.2.
  • House at least four virtual servers per physical server.
  • Use at least 80 percent of a tiered data center’s floor space.
  • Achieve a server utilization rate of at least 65 percent.

Agencies are likely to spend most of 2017 moving to achieve those goals. The Defense Department, which is behind schedule on data center closures, said in August that it would launch a “data center closure team to assess and recommend closures of the costliest and least efficient facilities beginning in the first quarter of fiscal year 2017.” That work began in November.

Windows 10 Adoption Likely Jumps, Thanks to DOD

The Defense Department set a goal earlier this year of migrating 4 million devices to Microsoft’s Windows 10 platform by Jan. 31, 2017, and while DOD CIO Terry Halvorsen said in September that the department would not meet the goal, he said the Pentagon is still pressing ahead.

Both the Army and Air Force are not going to meet the goal, in part because of the difficulty of moving legacy applications and programs, but they are moving to upgrade their systems. The DOD is pushing the migration in large part because of enhanced cybersecurity protections that come with the new platform. The Pentagon is migrating to the Windows 10 “Secure Host Baseline,” which includes not only the Windows 10 operating system but also additional secure applications that have been preconfigured.

Other agencies are also pushing forward with migrations to Windows 10, including the Transportation Security Administration and Social Security Administration.

As agencies modernize their IT and move to put more data into the cloud, they will likely try to achieve both of those goals by adopting Windows 10 and moving off of older and less-secure versions of Microsoft’s operating system.


Zero Trust–Ready?

Answer 3 questions on how your organization is implementing zero trust.