The White House’s American Technology Council (ATC) published its federal information technology (IT) modernization report Wednesday detailing a new risk-based approach to IT implementation and cyber security policy with a larger focus on commercial partners.
The Trump administration’s technology council has released its first report, and is proposing the president implement two year-long plans to upgrade federal information systems containing high-value assets (HVAs) and prioritize the move to commercial cloud services across the government.
“This report envisions a modern Federal IT architecture where agencies are able to maximize secure use of cloud computing, modernize Government-hosted applications, and securely maintain legacy systems,” the technology council writes in the report.
In May, Trump signed a cyber-focused executive order establishing the ATC and directing it to compile a report on areas where efficiency of IT use across the federal government could be improved. The ATC consists of cabinet members and representatives from the Departments of Defense and Commerce, and the Intelligence Community, and the report was coordinated with the Department of Homeland Security (DHS), the Office of Management and Budget (OMB) and the General Services Administration.
“We set out to accomplish two high-level objectives. First is to create a vision for the future of Federal IT that maximizes secure use of the best commercial technology available, and second is to define a plan to jumpstart the government’s transition to that vision,” Director of the ATC Chris Liddell wrote in a statement. “In furtherance of these goals, we set some objectives that the vision for the future of Federal IT needed to fulfill. These were to enable more rapid delivery of new capabilities to the American public, to increase the cyber security of our systems, and to enable us to operate our IT in a much more cost effective manner.”
The report points to the Trusted Internet Connections (TIC) and National Cybersecurity Protection System (NCPS) initiatives as two program that have resulted in security requirements that are hindering the adoption of commercial cloud services and the upgrading of systems to protect high-value assets.
TIC was an OMB initiative in 2007 consolidate the number of external connections utilized on federal networks, and the DHS NCPS created an automated intrusion detection system for analyzing security information across government systems.
“This hampers agencies’ ability to acquire new technologies like commercial cloud, which rely on a distributed network model and emphasize optimization of virtual rather than physical controls of data,” the council writes.
The council’s report proposes two major year-long plans to hasten IT modernization and adoption of cloud services for the President’s consideration, both with oversight by OMB and an emphasis on greater commercial partnerships.
Under the ATC’s network modernization strategy, the OMB would work with the National Institute of Standards and Technology and DHS to identify all areas of weakness in networks containing HVAs. All agencies with identified risks in their networks would then have 80 days to create a remediation plan.
In its proposal, the ATC states it will push for all required remediation plans to focus on full modernization with an emphasis on adopting a commercial cloud solution.
The second strategy is based around a theme of “bring the government to the cloud” and “bring the cloud to the government.”
“It is recommended that the President direct the implementation of the plan outlined below to accelerate secure use of commercial cloud through the modernization of the NCPS Program and TIC capabilities, policies, reference architectures, and associated cloud security authorization baselines,” writes the ATC.
The ATC’s 120-day plan for adoption of vendor-owned and operated cloud networks includes OMB and DHS updating the Federal Cloud Computing Strategy to provide additional guidance on how agencies can procure solutions and conduct appropriate operational security in the new environments
“Difficulties in agency prioritization of resources in support of IT modernization, ability to procure services quickly, and technical issues has resulted in an unwieldy and out-of-date Federal IT infrastructure incapable of operating with the agility and security that is required of a multibillion-dollar Federal IT enterprise,” writes the ATC in the conclusion of its report. “In order to aggressively modernize IT systems, the Federal Government will need to maximize use of shared services and commercial capabilities. In furtherance of this objective, existing policies and programs will be rapidly and iteratively updated to eliminate barriers to cloud adoption, and agencies will rapidly migrate applicable capabilities to commercial cloud services.”
The ATC is accepting comments on the report up through Sept. 20, which can be sent to [email protected].
“Much of this plan is built on industry best practices, and a major point of emphasis is to maximize use of commercial capabilities. This will result in a close partnership with industry to be able to achieve our targeted vision. Given this, we are collectively looking for feedback from industry to ensure that we have adequately described our end-state and that we are best leveraging industry capabilities in our plan to get there,” Liddell said.