In recent years, it has become clear that the world of cybersecurity is rapidly changing — cyberattacks are not only growing in volume, but also in complexity. As chairman of the Senate Commerce Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security, I’ve convened hearings and publicly questioned private corporations to determine what protections and practices they have in place to better protect their customers’ personal and financial data.
In 2015, the U.S. Office of Personnel Management (OPM) experienced a breach that exposed the personally identifiable information of tens of millions of Americans. The danger that results from compromising the federal government’s data cannot be overstated, and as companies must do all they can to prepare for and prevent hackers from gaining access to their customers’ information, the federal government must do the same.
As advancements in information technology (IT) continue to shape our nation’s evolving needs related to national security, economic competitiveness, communications, health care and privacy, the federal government must keep pace with these changes through flexible, expeditious and results-driven decision making.
In 2014, Congress enacted the Federal Information Technology Acquisition Reform Act (FITARA), which took the first step toward reforming the way our federal agencies make IT decisions. FITARA makes certain that subject matter experts are part of decision-making processes and enhances covered agency chief information officers’ (CIOs) authorities related to agency modernization initiatives in budgeting and planning processes.
Still, a stringent and cumbersome budgeting and acquisition process has tied the hands of agency CIOs in their efforts to modernize their IT systems in an efficient fashion. The U.S. Government Accountability Office’s (GAO) 2015 High-Risk Series report highlighted several issues it deemed critical to improving IT acquisition. Specifically, the report stated that about 75 percent of the $80 billion the federal government spends annually on IT investments is spent operating and maintaining outdated and unsupported legacy systems — draining taxpayer dollars and creating major cybersecurity vulnerabilities at home and abroad.
Earlier this Congress, I joined a number of my colleagues in writing to the 24 federal agencies covered by the Chief Financial Officer (CFO) Act, including the Department of Defense and the Department of Homeland Security, requesting updates on the modernization of their mission-critical systems. Unfortunately, the majority of agency responses indicated that they operated numerous insecure legacy systems.
President Trump and his administration have dedicated a plethora of resources to improve in this space through the president’s establishment of the White House Office of American Innovation, which has helped guide critical executive orders to update aging systems.
Further, with the support of the administration, I partnered with Senator Tom Udall of New Mexico to introduce the Modernizing Government Technology (MGT) Act last April in the Senate after working together on earlier versions in past Congresses. The MGT Act establishes IT working capital funds at the 24 CFO Act-eligible agencies and allows them to use savings obtained through streamlining IT systems, replacing legacy products and transitioning to cloud computing for further modernization efforts for up to three years. The bill also sets up a separate, centralized modernization fund within the Department of the Treasury for the head of the General Services Administration (GSA) to administer across the federal government in consultation with a federal IT expert board.
It is only fitting that the MGT Act was signed into law last year as part of the National Defense Authorization Act for FY2018, as cybersecurity policy is increasingly interwoven into comprehensive national security discussions. As a member of the Senate Appropriations Subcommittee for Defense, I will continue to prioritize robust resources for cybersecurity programs across all federal agencies in the interest of national security. Additionally, a well-trained cyber workforce capable of upholding and supporting comprehensive, interoperable federal government systems will prove to be critical to this mission, paired with competitive science, technology, engineering and math (STEM) education programs that we must continue to prioritize.
My goal is to continue promoting modernization and security in the federal government’s IT systems. As we recognize Data Protection Day on January 28, I appreciate the bipartisan, bicameral support the MGT Act received through its enactment and look forward to working with my colleagues and the White House Office of American Innovation on more legislation so America remains the most secure high-tech country in the world. We know the threats are real, and we must continue to innovate to remain the world’s leader in cybersecurity defense.
Sen. Jerry Moran, Kansas Republican, is Chairman of the Senate Commerce, Science and Transportation Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security.
This op-ed ran in the Washington Times on January 28, 2018.