Imagine Nation ELC 2021: Federal CIOs See Opportunities for Modernization

How CIOs Are Approaching the Technology Modernization Fund

Congress appropriated $1 billion for the fund as part of the American Rescue Plan Act. In late September, the board announced $311 million in funding for projects, several of which revolved around zero-trust cybersecurity projects.

Agriculture Department CIO Gary Washington said that the TMF is a “wonderful vehicle” to help agencies modernize legacy systems. He also said it is useful for funding cross-agency projects. USDA is looking to partner with the Interior Department on fighting forest fires, for example, and the TMF could be used to modernize technology at Interior to do that. Such projects are more likely to get funding, he said, adding that Federal CIO Clare Martorana and Deputy Federal CIO Maria Roat have “done a great job” in promoting cross-agency collaboration.

Energy Department CIO Anne Dunkin reiterated her point of view that there isn’t enough money in the TMF to cover the wide range of IT modernization needs across the government, calling it a “down payment on what we need to do.” However, she praised the Office of Management and Budget and the General Services Administration for altering the TMF rules to consider funding projects that do not expect to yield enough savings to fully repay the amount they draw from the fund.

RELATED: What are the key challenges to federal digital transformation?

Labor Department CIO Gundeep Ahluwalia noted that his agency has received two awards from the fund since its inception, one to speed up and digitize the issuing of visas for temporary workers and another to defragment and modernize its data infrastructure. The agency has three proposals before the TMF board now, including one related to the cybersecurity executive order, one to build on the visa project and another on ensuring compliance on accessibility related to Section 508 of the Rehabilitation Act.

For the Section 508 project in particular, Ahluwalia noted that agencies face similar issues related to making technology accessible to all, and the hope is that the project could result in resources, tools and training to help other agencies. Labor is using funds from a variety of sources, he said, including funds appropriated by Congress, its working capital fund and TMF fund to spur modernization, calling it a “comprehensive funding strategy.”

Office of Personnel Management CIO Guy Cavallo noted that his agency still does not have a working capital fund, but he is hoping to set one up. As a result, OPM is more reliant on TMF funding. The agency just received an award for a zero-trust networking project and has five other proposals before the TMF board focused on modernizing legacy systems, which manage everything from hiring to health insurance and retiree benefits for federal employees.

The OPM technology budget on its own cannot support all of those modernization efforts, Cavallo said. “We need outside funding,” he noted, adding that he aims to move quickly on modernization efforts. “There is no sitting still or timing.”

Click the banner below to get access to a customized content experience and exclusive articles.

Implementing the Cyber EO Will Be a Complex Undertaking

The CIOs also discussed their agencies’ efforts to implement the cyber executive order and move to a zero-trust architecture.

Cavallo said he wished some of the language had been worded a little less absolutely about whether every aspect of the agency had to move to multifactor authentication, citing some “break glass” systems needed in emergencies that currently do not have MFA.

However, he added, the order is extremely helpful in that it helps spur discussions about getting more funding for cybersecurity and also can be used “as a hammer if I meet resistance, to help move us along.”

Washington noted that he has received buy-in from USDA Secretary Tom Vilsack and Deputy Secretary Jewel Bronaugh on implementing the order, and in fact co-owns the effort within the agency with Bronaugh. The order, he said, provides a “renewed sense of emphasis and urgency on some of the things we should be doing anyway in cyber.”

That does not mean that implementing it will be without challenges. Dunkin called the order a “huge lift in our highly federated environment” at the Energy Department. She noted that the agency has a wide range of missions, and is trying to figure out, for example, how it can implement things like MFA across the agency while still enabling outside researchers to get access to the agency’s systems.

The “elephant in the room,” said Dunkin, is how agencies are going to pay to implement all of its provisions. The Energy Department simply needs more funding to do so, she said.

RELATED: Why zero trust is as much a state of mind as a technology deployment. 

In the meantime, the department is going to implement the areas of the order that address the agency’s highest risks first, while maintaining the various missions the department is engaged in, Dunkin said.

If the agency does not get enough funding, she said, it will either need to shut down the program management office set up to implement the order or take funding away from another area to keep the office running.

Ahluwalia noted that cybersecurity improvements require leadership, funding and focus, but are also opportunities for modernization and shifting resources to cloud environments.

“The direction has been clear,” he said. “It is the velocity and applying the resources onto where we want to go” that is changing.

All of the CIOs said that as they work to implement zero-trust elements into their cybersecurity architectures, they will likely start with proof-of-concept deployments before scaling them up.

“You never do big bangs anymore,” Ahluwalia said. “You need proof of concept. But you can have high velocity. Iterative does not mean it has to be slow.”

Follow FedTech coverage for more articles from Imagine Nation ELC 2021.