The White House already has a list of critical federal IT systems in need of upgrading that could be financed under a newly proposed IT modernization fund -- if Congress agrees to dole out the funding.
The list of “high-value assets” was supplied by agencies as part of a security sweep after the massive Office of Personnel Management hack was disclosed last summer.
Those systems in significant need of a tune-up now top the list if Congress approves the proposed $3.1 billion IT modernization fund, said U.S. Chief Information Tony Scott.
The upgrade fund, which would parcel out funding in small doses and which agencies would be required to pay back, aims to “disrupt” the traditional federal budgeting model, Scott said, speaking at a cybersecurity panel in Baltimore on April 12 hosted by The Christian Science Monitor.
The government is set to spend nearly $90 billion on IT next year but more than two-thirds of that is eaten up in operating and maintaining existing systems, according to federal statistics. That leaves little leftover funding to pursue costly, multiyear upgrades.
And that means many agencies are just leaving older tech, which is harder to secure and at higher risk of simple system failure, running well past its shelf life.
How old is some of this technology we’re talking about?
Scott, who earlier in his career worked for Sun Microsystems (a tech company later acquired by Oracle), said he’s actually seen some of the company’s 1980s-era servers -- for which the company stopped providing support at the beginning of the Clinton administration -- still running in government.
“We still have a whole bunch of federal agencies that are still running on that set of gear, and they're robbing parts graveyards to get spare parts,” Scott said. “Now, it was great gear at the time … But this is a line of technology that we should just have a goodbye party for.”
He added: “Every day that goes by without replacing that or upgrading it -- both from an infrastructure and an app side -- means that we're piling more dirt on top of these old immovable sort of objects. And it's just the wrong thing for us to do."
President Barack Obama first proposed the new fund as part of his fiscal 2017 budget blueprint.
On Monday, Rep. Steny Hoyer, D-Md., officially introduced the IT Modernization Act, which would establish the $3.1 billion revolving fund.
So far, the proposal has garnered a dismissive, at times frosty, reception in Congress. Lawmakers on the House Appropriations Committee questioned the funding structure and the chairman of the House Oversight and Government Reform Committee even called the rationale for the new funding “hogwash.”
Still, Scott said he thinks lawmakers are still, by and large, on his side. Congress is at least interested in the subject, he said.
“I'm feeling really good support,” he said. “It's not a partisan issue at all. I think everyone's legitimately concerned about the state of not only cybersecurity, but just the general state of our systems in the federal government. It's pretty clear that we need to do something more than what we've been doing."