Federal IT modernization and cybersecurity potentially hampered by vacancies

Over the course of the last several years, the federal government of the U.S. has engaged in certain notable endeavors intended to bolster the quality of executive agencies' IT. Back in December 2017, President Donald Trump even made this goal into a legislative priority by signing the Modernizing Government Technology Act into law. FedScoop noted that this new regulation permits federal agencies to redistribute unused funds within their existing IT budgets to serve as the bankroll for IT modernization initiatives. At the time, major federal tech contractors, such as Larry Prior, then-president and CEO of CSRA (now a subsidiary of General Dynamics Information Technology), praised the move.

"The Modernizing Government Technology Act is an important step in the journey to a next-gen federal government," Prior stated, according to FedScoop. "The MGT gives agencies more resources to modernize, helping to enable moving to the cloud, implementing shared services, and improving their cyber defenses." 

More than one year later, however, the campaigns to bring federal agencies fully into the 21st century with technologies ranging from advanced cloud infrastructure to deep learning appear to have run into some snags: Vacant executive positions in agencies such as the Defense Department, Drug Enforcement Agency, Office of Personnel Management and others could be adversely affecting modernization efforts, according to a report in FCW by Temple University instructor Min-Seok Pang. Security improvements, in particular, might be jeopardized by this issue. It behooves private-sector firms, particularly those interested in winning bids on lucrative federal contracts, to make themselves cognizant of this matter – both as an area in which to aid the government and an more general object-lesson regarding how not to proceed with IT overhauls.

White House considers vacancies a deliberate strategy

Per the findings of a joint Feb. 4 report by The Washington Post and the Partnership for Public Service, only 54 percent of the U.S. government positions whose nominees require confirmation by the Senate have been filled. In addition to the aforementioned DEA, OPM and DoD, the Office of Management and Budget, Justice Department and Environmental Protection Agency are all currently under the stewardship of acting secretaries or directors. Some high-level positions in the government haven't been filled at all, as 147 of them await nominees from the White House. In the case of 128 other roles, they have yet to receive approval from the Senate. 

Federal IT modernization and cybersecurity potentially hampered by vacancies
The administration's insistence on leaving certain agencies without permanent leaders could be hurting federal cybersecurity and IT modernization.

What's more, it appears thus far that this lack of concrete, confirmed and sworn-in positions throughout the various offices of the executive branch results from a deliberate gambit on the part of the administration. The Post noted that Trump prefers to have acting directors, secretaries and other federal leaders in place rather than Senate-confirmed officials because it "gives [him] more flexibility," to use the president's own words.

There have been some concerns expressed regarding the ethical soundness, validity and in some cases even the legality of some of the actions carried out by a number of these federal deputy supervisors, according to the Post, but the news provider noted that no ironclad evidence of any flagrantly illegal activity by these short-term leaders has surfaced as yet. (Ironically, several of the Cabinet officials or federal agency leaders who have resigned due to evidence or allegations of unethical conduct, including Scott Pruitt, Tom Price, David Shulkin and others, have in fact been handpicked, administration-backed candidates who received Senate conformation more or less without a hitch.)

Agencies facing the specter of cybersecurity threats

FCW's Seok-Pang pointed out that the main risk posed by vacant director-level positions in federal agencies comes down to money. An executive-branch department without a Senate-confirmed leader will most likely see a notable drop-off in its budgeting for IT improvements such as legacy modernization, and if the leading role remains unfilled for a year or more, that decrease reaches at least five percentage points. This phenomenon may be attributable to hesitance on the part of short-term department heads: Not wishing to rock the boat in any way during their interim tenure – for fear of what might bring detriment to their career once they resume their more customary deputy-level duties – such bosses are unlikely to enact any initiatives that have significant price tags attached or would be considered risky. The former is to some extent considered par for the course for IT modernization projects, and the benefits they could bring appear not to be worth the risk for these short-term leaders.

Falling behind the times in terms of software and hardware is one thing; allowing cybersecurity threats to potentially percolate is quite another. According to a 2017 study by Seok-Pang (in conjunction with University of Texas-Austin professor Huseyin Tanriverdi), federal agencies that skimp on their security budgets are more susceptible to data breaches and cyberattacks than those with fully funded cybersecurity management plans. By contrast, the academics' research found that even a 1 percent increase in a federal agency's IT modernization budget can facilitate a 5 percent decline in cybersecurity incidents. As such, the figures on either end of that equation call into question cost-driven arguments against cybersecurity and modernization spending. 

The onus of bolstering modernization and moving away from more easily compromised legacy software and hardware in the federal government, of course, lies solely with the administration. Yet private-sector business leaders across all industries that may be lagging behind in IT capabilities or cybersecurity readiness can learn from this example and take the necessary steps to kick-start their own digital transformation processes. Purging unsafe open-source code and other risk-producing factors from your IT infrastructure is a great first step in the right direction. 

Here at the Inventu Corporation, we equip organizations of all sizes with a revolutionary terminal emulation tool called the Flynet Viewer. This solution allows developers to craft reliable and safe software using clean HTML and JavaScript hosted on secure Windows servers. In all, the Flynet Viewer supports streamlined IT modernization and meets employer and staff expectations in a way that feels both familiar and simple. Contact us today or review our extensive product catalog to see how Inventu can optimize your infrastructure and also help you rid your servers of unsafe Java.