Graves: When MGT passes, modernization plans are ready
With the expected passage and funding of the MGT Act, Graves said that funneling resources to address the greatest vulnerabilities is the overarching goal.
Modernization is more than just a buzzword. According to acting federal CIO Margie Graves, it’s a crucial strategy that will help protect critical infrastructure.
“We are closer than we’ve ever been before, I think, to putting all of the pieces and parts of effective IT modernization in place," Graves said at the Oct. 18 CyberTalks conference in Washington, D.C. "That includes funding strategies, acquisition strategies, tech talent that we’re bringing to the table and of course the governance to make all of that work.”
That governance is packed into the Modernizing Government IT Act, which is bundled into the National Defense Authorization Act for 2018. And since the NDAA is considered must-pass legislation, modernization advocates are making sure they're ready to move forward.
“[A]s soon as passage comes for that -- and if there’s money attached to it,” Graves said, “we are preparing accordingly, we’re working with agencies to put together to appropriate business cases.” All those efforts, she added, are “predicated on making sure that we modernize some of the applications first that have the greatest cyber vulnerabilities.”
Graves said the White House was in the final stages of producing its final IT modernization report, which outlines the broader strategy and standards that tie back to cyber intelligence on critical vulnerabilities.
She said the report was due to be publicly published later this week, and that a risk-based national cyber strategy outlined in the report drills down on the intention that “every dollar in the budget” go to identifying and fixing vulnerabilities.
“We should be addressing cyber in a risk-based manner and then tying every dollar in the budget back to buying down risk,” Graves said. “[T]hat’s just as important for the management from the TMF – the technology modernization fund -- as it is for the dollars you spend in your own budget or the dollars you spend in the working capital fund in the federal government. We want to make sure they’re all aligned to the most critical assets.”
Focusing funds on reducing risk will ultimately reap benefits that will then be reflected in Federal Information Security Management Act (FISMA) scorecards, she said.
“We’re never going to have enough money or resourcing or smart cyber talent to do everything for every system,” Graves said. “We have to understand where our cut points are and use whatever resources we have toward the greatest vulnerabilities.”