The White House wants to know what's missing and will keep commenting open until Sept. 20.
The coalition of senior White House advisers and tech tycoons that President Donald Trump consults about government problems has finally shared a general plan for catching federal agency technology up to the private sector’s.
So far, the American Technology Council’s rough strategy would direct agencies to continue consolidating data centers, move more data into the cloud using commercial technology, and share services they currently buy individually, like payroll or human resources systems. It would also encourage agencies to focus first on modernizing high-risk, high-value projects before tackling other efforts.
The plan is open for public comment until Sept. 20, and its authors—senior White House tech officials, working in consultation with private sector experts—are assessing whether any major strategies are missing. The draft also suggests agencies should “consider immediately pausing or halting” actions that might “develop or enhance” any outdated IT systems.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
Chris Liddell, the former Microsoft chief financial officer who now heads up the occasional convocation of business leaders known as the American Technology Council, and Office of Science and Technology Policy senior policy adviser Jack Wilmer, noted in a Wednesday blog post that the plan emphasizes using commercial technology to modernize government. Trump’s cybersecurity executive order, which mandated that federal agency heads be held responsible for the cybersecurity health of their organizations, also required Liddell to coordinate this report describing modernization plans.
The team concluded that past modernization efforts have failed because of “budgetary constraints, procurement problems, and outdated policy and technical guidance.”
Specifically, the plan stresses moving cyber protections closer to government data and devices rather than simply scanning data for malicious activity as it enters and exits federal networks. It also emphasizes encrypting data whenever possible, both on government computers and when it transits from one computer to another.
The team outlined plans to boost security workers’ visibility into device-level activities, so they can note anomalies that suggest a device has been hacked or that it’s being used by a malicious insider.
The report also encourages "security operations as a service," where a handful of agencies would provide cybersecurity operations and data protection for the broader government for a fee.
The report also envisions expanding the Homeland Security Department’s continuous diagnostics and mitigation program—which provides cybersecurity services to federal agencies—to agency data stored in computer clouds.
The group is also now collecting comment on the report, asking what’s missing from the vision, what should be removed from it, and how feasible the proposed acquisition pilot is.
At least one former federal leader thinks the plan doesn’t go far enough. Walter Shaub, the Office of Government Ethics director who resigned a few months after Trump assumed office, took to Twitter to argue that there should be more discussion of centrally controlled IT, instead of agency by agency. Especially after the 2015 hack of the Office of Personnel Management exposed the personal information of about 22 million people, agencies with less money and a smaller staff might benefit from such an approach.
“As things stand, each agency has to reinvent the wheel. At OGE, we prioritized improving our IT systems, and we had a great CIO. But some small agencies don't even have the knowledge base to know how urgent this issue of IT infrastructure and security is,” he tweeted.
Hacks on civilian systems are inevitable, he argued.
“At a minimum CIOs need more support," he tweeted. "But coming up with one more plan that leaves each civilian agency on its own to take on foreign military hacking operations is just kicking the can down the road, and firing one agency head after another when there's one breach after another is just replacing the pots and pans you laid around the house to collect the rain instead of fixing the roof.”