President Donald Trump wants agencies to begin buying more modernized shared IT services where feasible.
As part of the cybersecurity executive order released Thursday, agency heads are required to “show preference in their procurement for shared IT services,” such as email, cloud and cybersecurity services.
“Effective immediately, it is the policy of the executive branch to build and maintain a modern, secure, and more resilient executive branch IT architecture,” the order says.
Concurrently, Trump tasked his newly formed American Technology Council with developing a report on the modernization of federal technology.
Within the next 90 days, the director of the ATC is responsible for coordinating with the heads of the Department of Homeland Security, the General Services Administration, and the Office of Management and Budget to report on the “legal, policy, and budgetary considerations,” as well as the technical feasibility, of moving agencies to “consolidated network architectures” and “shared IT services, including email, cloud, and cybersecurity services.”
The American Technology Council has been deemed the president’s lead on all things modernization, Thomas Bossert, the president’s homeland security adviser, said in Thursday’s White House press conference.
While the EO focuses primarily on the security of federal systems against external threats, it did so with the understanding that IT modernization plays an integral part in federal risk management.
“The executive branch has for too long accepted antiquated and difficult–to-defend IT,” the order reads. “Effective risk management involves more than just protecting IT and data currently in place. It also requires planning so that maintenance, improvements, and modernization occur in a coordinated way and with appropriate regularity.”
Bossert further discussed that interconnection between cybersecurity risk management and IT modernization during the press conference.
“We spend a lot of time and inordinate money protecting antiquated and outdated systems,” Bossert said. “We saw that with the [Office of Personnel Management] hack and other things. … We’ve got to move to the cloud and try to protect ourselves instead of fracturing our security posture.”
The executive order calls for agencies to view their IT as a more centralized operation, he explained. “We view our federal IT as one enterprise network. If we don’t do so, we will not be able to adequately understand what risk exists and how to mitigate it.”
And that won’t be an easy task, according to Bossert. “Modernizing is imperative for our security. But modernizing is going to require a lot of hard, good governance.”
He continued: “We have great hope there will be efficiencies there, but also security. Other countries have taken two or three years to learn what we came up with in two or three months, and that is that you can’t promote innovation without first thinking through risk reduction. So doing that together is a lesson that we’ve learned.”