White House Wants to Give Agencies New Pot of Money to Upgrade Legacy IT

The White House is seeking Congress’ help to establish a multibillion-dollar fund that federal agencies could use to upgrade aging computer networks prone to cyberattacks and system failures.

As part of a planned Cybersecurity National Action Plan announced today, the Obama administration wants permission to establish a $3.1 billion revolving fund that will help agencies transition away from so-called legacy IT toward more modern options, such as cloud computing.

“We have a broad surface area of old, outdated technology that's hard to secure, expensive to operate and, on top of all that, the skill sets needed to maintain those systems are disappearing rather rapidly,” Federal Chief Information Tony Scott said in a conference call with reporters Monday evening.

About three-quarters of the $80 billion in annual federal IT spending is slated for operations and maintenance of existing systems -- some of them years out of date. A soon-to-be-released report from the Government Accountability Office on legacy systems in government has tallied up 28 systems at least 25 years old. Another nearly dozen information systems date back to 1980 or earlier.

Scott has likened the lopsided spending on older, harder-to-secure systems to “a crisis that's bigger than Y2K,” at a White House meeting in November with business executives.

In a Feb. 9 Wall Street Journal op-ed on the new cybersecurity action plan, President Barack Obama wrote:  "It is no secret that too often government IT is like an Atari game in an Xbox world. The Social Security Administration uses systems and code from the 1960s. No successful business could operate this way. Going forward, we will require agencies to increase protections for their most valued information and make it easier for them to update their networks.”

The modernization fund, which the White House plans to situate at the General Services Administration, requires congressional approval.

The fund would target applications that:

• Have documented cybersecurity challenges;
• Can easily shift to shared services, the cloud or other “more modern architectures”; and
• Eat up a lot of costs just to maintain.

Agencies would receive funding in installments “rather than the big blob of money that is typical in the federal government” to encourage incremental development, Scott said.

Agencies that receive funding will also be required to pay back into the fund over time.

All told, the administration expects the modernization fund to support between $12 billion to $15 billion in new application development over several years.

Federal officials have long maintained the arcane federal budgeting and appropriations process makes IT modernization difficult.

“This world where annually we decide what we're going to spend money on is not conducive to building a secure infrastructure,” Scott said at a government acquisition conference in October, adding, “We don't have a regular plan for replacement or upgrade.”

Michael Daniel, special adviser to the president for cybersecurity and the White House “cyber czar,” said officials plan to work “closely with our colleagues up on the Hill” to secure support for the IT fund.

Draft bipartisan legislation circulating on Capitol Hill -- called the Cloud IT Act -- has already floated the possibility of a working capital fund to help agencies make upfront investments in order to modernize legacy IT systems. However, that legislation, introduced by Sens. Jerry Moran, R-Kan., and Tom Udall, D-N.M., has yet to be introduced.

Also, as part of the new cyber action plan, the White House requested a 35 percent funding bump for governmentwide cybersecurity initiatives -- for a total of $19 billion -- and announced plans to hire a federal chief information security officer to oversee cybersecurity planning across the civilian federal government.