Can FITARA Prevent Future Cyberattacks?


A group of federal experts weighed in during a recent panel in Washington.

The Federal Information Technology Acquisition Reform Act -- which aims to give agency chief information officers more authority over their IT budgets -- could help CIOs eliminate outdated technology vulnerable to cyberattack, according to a group of federal IT leaders. 

"A lot of CIOs are getting called into the [deputy secretaries'] offices and they're getting asked, 'Is what happened to OPM going to happen to us?,’" the Government Accountability Office's Director of IT Management Issues David Powner said during a panel Tuesday in Washington on agile IT development. 

FITARA, whose requirements for federal agencies include providing monthly updates on tech projects to the Office of Management and Budget, as well as contributing progress reports to the public IT Dashboard, is "not about hiding the ball; it's about being transparent and managing the technology and securing the technology," he said. 

Dave Nelson, the deputy chief operating officer and chief information officer at the Centers for Medicare & Medicaid Services, said the legislation has already helped his agency. In April, OMB released draft guidelines detailing how to implement the law.

Before these guidelines, Nelson said, he "just didn't have any view" into the federal acquisition process, including how the selection criteria for IT contracts were determined. 

The legislation lets him "see what the problem is, and . . . fix upstream what's going on with the acquisition process," he said. 

But updating legacy systems isn't a panacea for cyberthreats, federal CIO Tony Scott explained. 

"This is a hard problem to solve . . . I don't want to just do a lift and shift of all application architecture into the cloud," he said. "Some number of those applications should just be shot in the head."

(Image via Finchen/