5 ways the 2018 omnibus promotes IT modernization, cybersecurity

Rep. Will Hurd (R-Texas) said about 10 days before the end of the latest continuing resolution that he was optimistic that congressional appropriators would find some money for the Technology Modernization Fund.

Margaret Weichert, the deputy director for management at the Office of Management and Budget, told the House Oversight and Government Reform Committee the week before that she was hopeful that lawmakers would come through with funding for the governmentwide IT modernization fund.

This is one of those occasions where optimism and hopefulness were not for naught. Of course, those leaders in the federal IT and acquisition communities — OMB, lawmakers, chief information officers, deputy secretaries, acquisition professionals — use those terms because they can’t say the opposite. Nothing gets done if you say the program is doubtful to work, or the contract is unlikely to be awarded anytime soon.

This is why many times the media, contractors and even lawmakers are wary when federal officials regale us with optimism.

Advertisement

So let’s celebrate Hurd, Weichert and many others optimism this time because for once it was genuine.

In the fiscal 2018 omnibus spending bill signed into law Friday by President Donald Trump, Congress filled the TMF $100 million.

The report language and the bill offered no details, no instructions for how OMB should manage it. Now those details were laid out in the Modernizing Government Technology (MGT) Act passed in December as part of the Defense authorization bill and subsequent OMB guidance, so that’s a sign that Congress is optimistic about the fund.

Now the $100 million was about 49 percent of what the administration asked for, but it’s better than what lawmakers originally allocated, nothing. So it’s a good start for OMB and the TMF Board to prove its processes and move agencies off legacy IT systems.

“I am grateful for my colleagues who recognized not only extensive security risks, but also the tremendous opportunity we have to make government more efficient and reliable to taxpayers,” Hurd said in a release.

Along with the TMF, here are four other budget reasons to be optimistic about IT and acquisition in 2018:

Even more money for governmentwide IT initiatives

While Hurd, OMB and many others focused on the TMF, Congress was generous with several other IT-related funds.

Federal Citizen Services Fund receives $50 million and lets it “bank” as much as $100 million to “enhance [the government’s] ability to conduct activities electronically, through the development and implementation of innovative uses of information technology.” This fund includes money for the Electronic Government (E-Gov) fund and Congress wants continued oversight over how agencies plan to spend money on these projects. In the bill’s report, lawmakers say: “Any deviation from the spending plan required for Electronic Government projects shall require a notification within 30 days to the Committees on Appropriations of the House and Senate.”

The General Services Administration runs the fund and requested in $54 million in 2018 after receiving more than $57 million the last two years.

GSA says the citizen services fund will be used to support cloud computing security through the Federal Risk and Authorization Management Program (FedRAMP) as well as portals such as data.gov, the digital analytics program and challenge.gov.

“The fund supports agency-facing programs that drive governmentwide transformation to secure, digital government through shared services, platforms and solutions, and by providing technical expertise to agencies on projects that leverage digital technologies,” GSA wrote in its 2018 budget justification. “Extensive communities of practice in key areas including social media, mobile computing, user experience, prize and challenge competitions, and contact centers serve as a catalyst to drive adoption and improvement of digital services through development and sharing of best practices, training, and establishment of working groups to address tactical needs.”

IT Oversight and Reform Fund receives $19 million and OMB “may transfer these funds to one or more other agencies to carry out projects” to ensure the integration, efficient, secure and effective use of IT. OMB had requested $25 million in 2018, which was almost $5 million less than 2017.

“OMB will use ITOR funding in FY 2018 to enhance transparency, data collection, analytics, and technical assistance in federal IT investments. ITOR oversight activities will support continued operations and enhancements to the federal IT Dashboard and PortfolioStat reviews, identifying underperforming and duplicative investments and taking corrective actions,” OMB wrote in its 2018 budget justification. “Additionally, ITOR funds will support policy analysis and development efforts to support federal IT reform including FITARA oversight. ITOR funds will also support IT acquisition reform, including IT Category Management to improve the acquisition and management of common IT goods and services to drive us to greater performance, efficiencies and savings. For example, these oversight activities will increase the productivity of IT investments by optimizing and consolidating data centers, continuing the adoption of cloud computing, and increasing the use of intra-agency and interagency shared services.

OMB also uses ITOR funding to support the U.S. Digital Service and its Cyber and National Security Unit.

Governmentwide cybersecurity awash in money

The Homeland Security Department received $722 million for cybersecurity efforts, which was about $2 million more than requested in 2018.

Specifically, federal cyber programs saw a $45 million reduction in the final appropriation as compared to the request — $432 million instead of $477 million.

Cyber readiness and response. The National Cybersecurity and Communications Integration Center (NCCIC) gets  $244 million, including $174 million for the Computer Emergency Response Teams (CERT) and $17 million for training, malware analysis, safety systems vulnerability analysis, incident response and assessments of Industrial Control Systems in emerging sectors and subsectors.

“The NCCIC is directed to continue providing technical assistance to other federal agencies, upon request, on preventing and responding to data breaches involving unauthorized access to personally identifiable information,” lawmakers stated in the report on the DHS section of the bill. “GA0 made several recommendations designed to ensure that the NCCIC is adhering to its nine implementing principles under the National Cybersecurity Protection Act. Specifically, the report noted that the NCCIC had yet to determine whether those implementing principles are applicable to its eleven statutory cybersecurity functions and had yet to establish performance metrics for the principles. Not later 90 days after the date of enactment of this Act, NPPD shall brief the committees on its specific plans to address these GAO recommendations.”

Federal cybersecurity. DHS received $102 million for the continuous diagnostics and mitigation (CDM), which is almost $9 million more than requested. Congress wants DHS to use the extra money “to accelerate deployment of CDM to federal departments and agencies. NPPD is directed to provide a briefing to the committees on the current CDM program acquisition strategy and schedule not later than 30 days after the date of enactment of this Act.”

The National Cybersecurity Protection System (NCPS), which protects federal networks and data from cyber intrusions under the EINSTEIN tools, received $287 million. Similar to CDM, Congress wants semiannual briefings on the progress of the program and any obstacles DHS is finding.

Additionally, Congress approved $3 million for DHS and National Institute of Standards and Technology to conduct pilot programs to conduct regular assessments of advanced protective technologies.

At the same time, Congress also allocated CDM and the NCPS additional money for acquisition efforts.

CDM received $246 million, more than $50 million more than it requested, while the NCPS received $115 million, almost double its request of $56 million.

“The total reflects a realignment of $58 million from Operations and Support for the National Cybersecurity Protection System, as requested,” the bill report stated. “The total includes an additional $61.8 million to support acceleration of CDM capabilities to a broader set of non-CFO Act agencies and to accelerate mobile/cloud computing visibility across the dot-gov domain.”