November 05, 2018
On May 11th, 2017 the President signed an executive order that has the potential to open up IT systems in the Federal government in unprecedented ways.
Order 13800 is titled “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure”. The order tasks the director of the newly-formed American Technology Council (ATC) to coordinate a report from multiple agencies to the President on how the Federal government plans to modernize its Information Technology systems.
This announcement, and the report that followed was encouraging news for many of us who have worked in or contracted for the Federal IT space. The report acknowledges some of the current and previous policies that have not been efficient and outlines a plan to change some of that strategy going forward, along with factors that have contributed to difficulties in achieving modernization of Federal IT systems and ways they might be overcome. Below are some highlights from the report. It can be read in its entirety here.
This section builds on previous efforts to modernize, such as the E-Government Act of 2002, the Clinger-Cohen Act, and others.
The plan starts with prioritizing assets for modernization, by identifying those that are high-risk and high-value (HVAs). For security, the emphasis is on enhancing protections at the application and data level. This means improving management and authentication for devices, and for data encryption. The encryption should be for “data at rest”, such as encrypting a hard drive, and for “data in transit”, such as web and email transmission.
The most striking part of this section is the emphasis on getting Federal agencies onto the Cloud. The Cloud has been mostly off-limits for Federal IT since it first became identified as a viable solution for hosting applications.
The report offers a default approach to a Cloud implementation, labeled “Bring the Government to the Cloud”. This is where a fully cloud-based solution would have the proper security and controls in place to section off Federal assets from other customers. The second option, for systems with security requirements that cannot be met with the default solution is called “Bring the Cloud to the Government”. This approach specifies datacenters that are either owned by the government, or commercially owned and operated datacenters that are “isolated and dedicated for Government use”.
The second directive of this section is accelerating the use of Cloud-based email and collaboration tools. This would be a huge step for Federal agencies, especially those with advanced security clearance. This plan also seeks to change the way these products and services are acquired, to make the process more transparent.
The initiatives described in the report represent an unprecedented opportunity for Federal agencies to work with experienced partners in implementing many cloud-based systems that were previously very difficult to get through regulations. Moser has been working with Federal agencies for over 20 years, with dedicated teams for cloud technologies, security, and productivity suite migrations, along with a managed service offering that can be customized for either of the two cloud approaches described above.
Hopefully, the final result of this initiative will be Federal IT that is more in line with commercial organizations instead of always lagging behind. This could mean more efficient spending, better security, and even more partnerships between government agencies and cutting-edge IT firms.