The Biden-Harris administration wants congressional approval for a massive spending plan that will enable the incoming team to hit the ground running, including more than $10 billion for a spate of IT and cybersecurity initiatives, some of which would fundamentally change federal programs.
The transition team for President-elect Joe Biden released a $1.9 trillion plan to help the U.S. recover from a crushing year of economic instability caused by the COVID-19 pandemic. While most of the American Rescue Plan focuses on vaccine rollout, stimulus checks and job creation, a fact sheet detailing specifics of the plan also includes funding for IT modernization and cybersecurity upgrades for federal agencies.
“In addition to addressing the public health and economic crises head on, the president-elect’s plan will provide emergency funding to upgrade federal information technology infrastructure and address the recent breaches of federal government data systems,” the fact sheet states, alluding to the recent SolarWinds breaches. “This is an urgent national security issue that cannot wait.”
The plan calls on Congress to “expand and improve” the Technology Modernization Fund, including a multibillion-dollar cash infusion and overhauling the structure of the program.
“A $9 billion investment will help the U.S. launch major new IT and cybersecurity shared services at the Cyber Security and Information Security Agency and the General Services Administration and complete modernization projects at federal agencies,” according to the fact sheet.
The TMF—established as part of the Modernizing Government Technology Act of 2017—was designed to be a self-sustaining centralized pool from which agencies can apply for loans for technology upgrades. To date, Congress has only approved a maximum of $150 million for the fund: After an initial outlay of $100 million, lawmakers have declined to add more than $25 million per budget cycle. Biden’s proposal dwarfs those amounts.
The program works through a proposal-approval process, in which a board of federal technology officials review pitches from agencies and pick the projects they believe will have the greatest return on investment and ability to scale across government. Currently, agencies must repay the fund over three to five years.
Under the Biden plan, that repayment schedule would be altered to “fund more innovative and impactful projects,” though it does not explain what that new structure would look like or how it would support innovation and impact.
The plan also calls for a direct award to CISA and GSA to improve cybersecurity shared services. It is unclear how that would work with the TMF Board’s proposal process. Under the current structure, any projects to boost shared services offerings from CISA or GSA using TMF resources would first need to go through the full approval process.
CISA already leads on several governmentwide cybersecurity initiatives, including heading the cybersecurity-focused Quality Service Management Office. The plan does not specify whether Biden would continue the Trump-era QSMO program or start a new shared services effort.
The new administration wants an additional $690 million for CISA to “bolster cybersecurity across federal civilian networks, and support the piloting of new shared security and cloud computing services.”
The wording in the plan suggests that under the Biden-Harris administration, GSA’s Technology Transformation Services would shift away from a fee-for-service.
The incoming administration wants a significant infusion of funding—$300 million—for TTS, which houses intra-governmental technology consulting services like 18F, the Presidential Innovation Fellows and the Centers of Excellence. While these programs currently work on a fee-for-service basis—paid by the customer agencies—the new funding would “drive secure IT projects forward without the need of reimbursement from agencies,” more akin to shared services, the plan states.
Along with funding for programs, the plan also requests $200 million to staff up with more IT and cyber talent. Specifically, that funding would be used “for the rapid hiring of hundreds of experts to support the federal Chief Information Security Officer and U.S. Digital Service.”
Per the plan, that funding would reside in the Information Technology Oversight and Reform, or ITOR, fund, which is controlled by the OMB director. The infusion of $200 million would be a significant increase for the fund, which has never received more than $30 million from Congress in a given year.
All totaled, the plan requests almost $10.2 billion in new IT investments.
“By including robust funding for TMF, ITOR, and GSA in the COVID relief plan, President-elect Biden is making it crystal clear that he believes the only way that agencies can carry out this robust plan is through immediately and effectively investing in IT modernization,” Matthew Cornelius, executive director of the Alliance for Digital Innovation and former senior technology and cybersecurity advisor at OMB during the Trump administration, told Nextgov, calling the $9 billion for TMF “a revelation.”
“Such a substantial increase, along with the request to relieve the onerous repayment requirements, will enable OMB and GSA to not only fund important individual agency programs but make immediate, enterprisewide IT modernization investments across multiple federal agencies,” he said.
While the plan differentiates between COVID-19 recovery and remediating the fallout from the SolarWinds breaches, Cornelius suggested the surge in IT funding could serve both goals.
“Improving the government data sharing, identity management, and collaboration tools capabilities—to start—would unleash a more powerful, coordinated response across the government to improve the federal response to our multi-faceted COVID and economic challenges,” he said.