Additional congressional funds will be critical to agencies’ efforts to comply with the Biden administration’s cybersecurity executive order and implement zero-trust architectures, according to federal chief information officers.
The executive order (EO) has agencies like the Department of Energy implementing zero trust and multi-factor authentication across highly federated environments, and the “elephant in the room” is how they will pay for everything, said CIO Ann Dunkin at ACT-IAC’s Imagine Nation conference in Hershey, Penn.
DOE is employing a risk-based approach to complying with the EO the Biden administration issued in May because compliance will take time and money, with the money coming either from Congress or from internal cuts.
“I don’t have the money to support the [project management office] that I stood up to run the EO, if I don’t get any more money in 2022,” Dunkin said. “So either I take money away from something else, or I don’t even have that PMO in place.”
DOE has outstanding Technology Modernization Fund proposals that could help with Cyber EO compliance, but Dunkin reiterated her view there’s currently not enough money in the fund appropriated by Congress.
The Department of Labor hasn’t heard back on the TMF proposal it submitted for funds to help bolster its cyber posture. The Cybersecurity and Infrastructure Security Agency could assist departments in Labor’s situation by growing its Continuous Diagnostics and Mitigation program and developing governmentwide playbooks, but in the meantime agencies need to explore all their options, said CIO Gundeep Ahluwalia.
“In my mind, we have to find some resources internally, ask Congress for appropriated resources, look at the Technology Modernization Fund, and maybe some things can be pulled together and done centrally to raise all boats,” Ahluwalia said.
The U.S. Department of Agriculture also prioritized cybersecurity with its early TMF proposals, along with some to improve IT services to rural America and work with the Department of the Interior to modernize a platform for combating wildfires, said CIO Gary Washington. None of USDA’s proposals have received TMF funding yet.
Labor also has two outstanding TMF proposals that would help it finish an IT modernization effort around temporary workspace, as well as collaborate with the General Services Administration to meet accessibility requirements.
The Office of Personnel Management received TMF funding for its zero-trust networking proposal in September, one of three agencies along with GSA and the Department of Education to successfully propose Cyber EO-related projects.
Five other TMF proposals OPM submitted are tied to modernizing legacy systems, and while CIO Guy Cavallo hopes to establish a working capital fund for IT projects, TMF funding has proven critical since the Trump administration attempted to shutter the agency. The move made predicting future modernization costs more difficult, especially since federal background investigation work is still being transferred to the Department of Defense, Cavallo said.
“I inherited budgets that we weren’t sure were going to be there,” Cavallo said. “So I need the TMF funding to put some of our modernization efforts on the table.”