Shoring up government cybersecurity falls into the category of easier said than done, despite a heavy emphasis due to the recent bombardment of attacks. In fact, that easier-said-than-done tag follows many government mandates and presidential prescriptions, which often carry zero Congressional funding.
The recent Biden Executive Order (EO), however, strikes a different tone – for one, because of its urgency, and for another, because of its backing.
Though not directly funded by any congressional dollars, Biden’s “Executive Order on Improving the Nation’s Cybersecurity” trails a watershed funding surge for the Technology Modernization Fund (TMF). Housed at the General Services Administration (GSA), the TMF is a centralized pool of money loaned out in parcels to government agencies for capital improvement tech projects.
“Many of our capabilities within government are antiquated, and they just don’t address our security needs today,” said Linzie Oliver, Chief of the Governance and Architecture Division within the U.S. Army Corps of Engineers, during GovLoop’s recent virtual event.
The vision for the TMF is that with millions of dollars available outside the usual budget, agencies can replace and upgrade ingrained and underlying technology systems that are outdated.
Though established in 2017 with the Modernizing Government Technology Act, the TMF has since found it difficult to find a foothold within the larger budgeting discussions, receiving scant payments. That was the case until recently when the American Rescue Plan passed, injecting stimulus across the country and depositing $1 billion into TMF coffers. The TMF Board will give cybersecurity projects priority consideration, as announced by GSA and the Office of Management and Budget (OMB).
Following an application and award process, TMF funds are used for modernization projects of all stripes – mainframes, contact centers, cloud and more.
But Oliver suggests that cybersecurity is an overarching top priority for all of government, and even projects that are not security-focused still must put protection up front.
“You can turn on the news today and see all the issues going on with security,” Oliver said. “This fund allows you to … strengthen security posture much faster than you would before.”
The Army Corps of Engineers works to meet unique standards. Comprised of civilian and military employees and working with numerous agencies, the Army Corps of Engineers adheres to both Defense Department and OMB cybersecurity mandates, Oliver said.
With continuous revisions to cybersecurity posture, such as the Biden EO’s tilt toward zero trust security philosophies, Oliver said agencies must be able to monitor their systems and know what they have – and what they don’t. Modernization to cloud technologies can remove impediments to enterprise visibility.
Oliver also encouraged agencies to have a plan and engage stakeholders. He commended his agency’s Chief Information Officer, Dovarius Peoples, for establishing a clear plan within 90 days of coming onboard.
With those priorities in mind, the U.S. Army Corps of Engineers continues to move to a modern, secure enterprise.
“Cybersecurity is No. 1 for us. It tops our list. It’s No. 1. It’s No. 2. It’s No. 3,” Oliver said.
This online training was brought to you by: