The Office of Management and Budget (OMB) wants to help federal agencies accelerate the modernization of their legacy IT systems. Towards that end, OMB released new guidelines last week for how to prioritize projects and gain access to modernization funding.
According to a story in Federal Computer Week, the two main movers behind the draft policy are federal CIO Tony Scott and OMB director Shaun Donovan. The new guidelines grow out of the Administration’s FY 2017 budget, which includes a $19 billion cybersecurity action plan and a $3.1 billion government-wide revolving fund to support the estimated $12 billion in tech upgrades that agencies will require over the next decade:
“While the Obama budget hasn’t moved in the Republican-controlled Congress, a bill that authorizes government-wide and agency-based modernization funds passed the House of Representatives in September. Sponsors of a related cloud computing adoption bill in the Senate are hoping to advance similar legislation during the lame duck session of Congress after the election. Scott has said that the drive toward legacy IT modernization funds is already affecting federal policy, and the draft guidance from the White House is a prime example of that.”
The new draft policy outlines a path for agencies to update their technology roadmaps, identify and prioritize key systems and processes, and clarify and codify plans to move those systems to more secure, modern platforms. No one disputes that modernization is necessary. As the infamous hack of the Office of Personnel Management databases demonstrated last summer, the government runs many legacy systems that operate on outmoded operating systems that are hard to update. In many cases they are also difficult or impossible to secure using two-factor authentication, encryption or other security methods.
Scott elaborated on why the draft policy was needed in a blog post on whitehouse.gov:
“Over the years, agency efforts to modernize existing IT systems have faced substantial challenges. The high costs, lack of funding, and risks associated with modernization efforts, combined with the increasing cost to maintain existing systems, harm agencies’ ability to manage their IT systems strategically and deliver the functionality needed to achieve their missions. Furthermore, operational risks arise when these systems cannot adapt to current or expected mission requirements, user needs, operating environments, or are no longer cost justifiable. Modernization would improve the ability of these systems to deliver the necessary levels of functionality, security, and efficiency to satisfy and secure the needs of agency users, stakeholders, and the American public.”
Senior agency IT staff were already required to submit detailed IT roadmaps to OMB by the end of FY2016. Agency officials were asked to prioritize systems that could be transitioned to the cloud, or to shared services. The draft policy would extend that direction to include offering at least three likely candidates for modernization or retirement, including an IT modernization project that could be executed within one year.
There is more to federal IT modernization than the OMB simply telling agencies how to proceed. In fact, some senior IT staff see draft policy such as this as a kind of “unfunded mandate” from the executive branch. Scott’s proposed $3.1 billion IT fund was proposed in part to counter such perceptions.
In today’s increasingly dangerous cyber environment, such leadership from OMB should be welcomed. It’s up to agency leadership to determine how best to transform these best practices into federal IT reality.