IT Security Spending in 2017

President Trump’s 2018 fiscal budget proposal gets one thing absolutely correct: we need to budget for legacy system security spending in our government agencies.

Modernization and security upgrades for our vulnerable government IT systems is crucially important. Because we live in an age where our cyber security is regularly threatened, we needed to begin modernizing our systems yesterday.

The recent budget request for the 2018 fiscal year would create a “technology modernization fund.” The fund would start with more than $220 million in federal monies. This budget request matches current legislation already proposed during the Obama administration, as well as updated legislation that passed the House in mid-May.

The technology modernization fund would “improve the management and oversight of Federal IT modernization projects.” This legacy system security spending would transition “federal agencies from IT infrastructure, systems, and services that are not cost-effective or secure to more efficient and secure technologies,” according to the administration’s analysis of the budget request.

While the request is a huge step toward legacy system security for government agencies, it doesn’t quite reach the $250 million requested in the bill that recently passed the House.

Supporters of the House bill, sponsored by Rep. Will Hurd of Texas, describe the legislation as “common sense,” and will help keep federal systems from breaches in cybersecurity.

However, does the bill go far enough?

Floppy Disks and Nuclear Codes Don’t Mix

According to a report by the Government Accountability Office, some critical systems that operate our federal government are at least 50 years old.

The report points out that “the Department of Defense uses 8-inch floppy disks in a legacy system that coordinates the operational functions of the nation’s nuclear forces. In addition, the Department of the Treasury uses assembly language code—a computer language initially used in the 1950s and typically tied to the hardware for which it was developed.”

Despite drafting requirements for agencies to plan modernize legacy system upgrades, most agencies did not have realized plans as of 2016.

Because of this lag, the government risks critical legacy system failures in agencies including the Department of the Treasury, Department of Defense, Department of Veterans Affairs, Department of Justice, and the Social Security Administration.

Not very reassuring, is it?

So What’s Next for the IT Security Spending Bill?

Thankfully, Rep. Hurd’s IT modernization bill heads to the Senate, where it just might pass.

As a result of this need, Senator Tom Udall of New Mexico is co-sponsoring a companion bill that will “help federal agencies to retire old systems and invest in new and critical technologies.”

Udall correctly believes that legacy system security spending matters because, “maintaining old IT systems is a security risk and costs taxpayers billions of dollars each year.”

We’re with Hurd and Udall on the IT security spending issue. Of course, the longer we put off modernization our government IT infrastructure, the more we’ll continue to see hacks, breaches, and other cybersecurity problems.

“In the Senate, I’ll fight to pass this bill and see it signed into law, to ensure that our government is getting better service at a better value for American taxpayers,” Urdall says.