We’ve talked about the need for Congress to prioritize upgrading and modernizing government IT systems for a while now, so we were glad to see the Senate recently pass the 2017 National Defense Authorization Act (NDAA) with the Modernizing Government Technology (MGT) Act intact. The MGT Act (HR 2227), introduced by Rep. Will Hurd (R-TX), was signed into law last Tuesday.
Federal IT modernization is a critical component of strong government cybersecurity, and the necessity for this bill is clearer than ever. Recently, the House Oversight and Government Reform Subcommittee on Information Technology, which Rep. Hurd chairs, gave several federal agencies failing grades for their efforts around IT modernization in the latest Federal IT Acquisition Reform Act (FITARA) scorecard. Encouragingly, chairman Hurd plans to include the MGT Act’s requirements for agencies to establish working capital funds as a category in a future scorecard.
Rep. Hurd’s goal for FITARA to evolve into a digital Cyber Exposure scorecard would help agencies more clearly assess their risk, because, as he noted recently, legacy technology poses both a financial and cybersecurity risk to our nation. Chief among those threats is the inability to identify it as part of a rapidly expanding amount of assets. Agencies need to be able to take a modern approach to cybersecurity that includes live discovery of every asset, whether it’s an old server or an iPad, and continuous visibility into where those assets are secure or exposed. All organizations now face an elastic attack surface, where the constantly evolving number of assets and their vulnerabilities has led to a gap in the ability to understand their overall cyber risk.
The MGT Act will help close that gap by establishing a capital fund, so agencies can purchase the modern tools necessary for a comprehensive view of their Cyber Exposure. The cyber funding in the bill also ensures that security is part of future modernization efforts. Further, the MGT Act could save billions in taxpayer dollars given that more than $64 billion is currently spent just to operate and maintain legacy IT systems annually.
The MGT Act is smart public policy, and it’s encouraging to see bipartisan progress from the IT subcommittee on such a critical cybersecurity issue, including chairman Hurd, ranking member Kelly (D-IL), and Reps. Connolly (D-VA) and Gianforte (R-MT). Yet, there is more to be done. Rep. Hurd’s next stated focus on developing a “cyber corps” will help ensure that the federal government has access to the people and skills they need to adequately prevent and respond to cyberthreats. We also need to explore how advanced technologies like quantum computing and blockchain may be used to mitigate threats. We look forward to supporting these and other efforts to modernize the federal government’s approach to cybersecurity next year.