As part of the May 11th Executive Order on strengthening the U.S. Federal cybersecurity framework and technology infrastructure; the Director of the American Technology Council (ATC) has submitted its draft report to the President on the current and future state of Federal IT, with specific recommendations to “jumpstart a new wave of modernization efforts.”
This report is a coordinated effort by the Secretary of the Department of Homeland Security (DHS), the Director of the Office of Management and Budget (OMB), and the Administrator of the General Services Administration (GSA), in consultation with the Secretary of Commerce (Commerce) to outline a “modern Federal IT architecture where agencies are able to maximize secure use of cloud computing, modernize Government-hosted applications, and securely maintain legacy systems.” To accomplish this goal, the report addresses two distinct categories; 1.) Network Modernization and Consolidation, and 2.) Shared Services to Enable Future Network Architectures, both with specific actions to be implemented in the next 12 months. Each category and its required actions are as follows:
Network Modernization and Consolidation
- Prioritize the Modernization of High-Risk High Value Assets (HVAs). Prioritize modernization of legacy IT by focusing on enhancement of security and privacy controls for those assets that are essential for Federal agencies to serve the American people and whose security posture is most vulnerable.
- Modernize the Trusted Internet Connections (TIC) and National Cybersecurity Protection System (NCPS) Program to Enable Cloud Migration. Use real world implementation test cases to identify solutions to current barriers regarding agency cloud adoption. Update relevant network security policies and architectures to enable agencies to focus on both network and data-level security and privacy, while ensuring incident detection and prevention capabilities are modernized to address the latest threats.
- Consolidate Network Acquisitions and Management.
Shared Services to Enable Future Network Architectures
- Enable use of Commercial Cloud. Improve contract vehicles to enable agencies to acquire commercial cloud products that meet Government standards.
- Accelerate Adoption of Cloud Email and Collaboration Tools. Provide support for migration to cloud email and collaboration suites that leverage the Government’s buying power. Define the next set of agencies to migrate to commercial email and collaboration suites.
- Improve Existing and Provide Additional Security Shared Services. Provide centralized capabilities that replace or augment existing agency-specific technology to improve both visibility and security.
Each section outlines a timeline for action, including, 30, 60, 75, 80, 100, 365 day plans. ‘Taken together, these recommendations will modernize the security and functionality of Federal IT, allow the Federal Government to improve service delivery, and focus effort and resources on what is most important to customers of Government services.”
Driving this level of change will require participation and commitment at every level of government, including agency leadership, mission owners, IT practitioners, and oversight bodies. The reports states that in order to achieve this modernized IT architecture, the Federal Government will need to maximize use of shared services and commercial capabilities while accelerating the adoption of cloud email and collaboration tools, improve the existing shared services, and provide additional support to security shared services for agencies. “The future of Federal IT is one in which agencies move further toward a risk-based approach to securing their systems that places appropriate emphasis on data-level protections and that fully leverages modern virtualized technologies.”
Requests for comment are now open. For more details, view the entire report.