US federal agencies to upgrade cyber and data capabilities as part of government-wide IT plan

The Biden administration is to focus on improving cybersecurity and data analytics capabilities across federal government as part of an IT modernisation plan published by the Office of Management and Budget (OMB).
The framework sets out the government’s aspirations to more fully embrace digital technologies and improve customer experience, and to harness data for strategic purposes whilst protecting it from cyberattacks.
Clare Martorana, the OMB’s federal chief information officer, said that the federal government was “at a unique moment in time to drive digital transformation”, having received US$1.35bn in funding for IT modernisation through the American Rescue Plan (ARP). The ARP is the country’s US$1.9 trillion pandemic stimulus package.
“We recognise the significant investment that congress has made in securing and modernising federal IT and have assembled this plan to explain how we ensure the wise investment of each dollar congress has entrusted to us towards its highest use – creating the most impact for the American people,” Martorana said.
Read more: Biden signs executive order to beef up cybersecurity in US
According to the framework report, OMB’s aim is to “maximise the impact” of three funds tasked with supporting agency IT upgrades. These comprise the Information Technology Oversight and Reform (ITOR) account, a fund geared towards government efficiency, effectiveness, and security; the Federal Citizen Services Fund (FCSF), which supports public engagement with federal government through a variety of cross-government programmes; and the Technology Modernization Fund (TMF), which enables agencies to access capital.
OMB said it would plough the US$200m currently held by the ITOR account into hiring technical experts to lead IT modernisation projects across departments. Meanwhile, the General Services Administration is expected to channel US$150m from the FCSF into improving customer experiences for agencies deemed high-impact service providers.
Under the TMF, to which US$1bn was allocated via the ARP, work will be undertaken to identify and capitalise on new opportunities for shared services across the federal government. According to the report, in the last month the TMF Board has received more than 130 proposals requesting over US$2.5bn from more than 60 federal agencies and components.
Attack and defence
US president Joe Biden signed an executive order on strengthening cybersecurity in May last year. It contained a range of measures to bolster national IT infrastructure, including a joint public-private panel that will review hacking incidents.
The order followed a number of cyberattacks last year which sought to manipulate weaknesses in the cybersecurity systems of private sector providers of essential services. One attack struck days before the order was signed, causing America’s largest pipeline system for refined oil products, Colonial Pipeline, to shut down its main network for five days.
Upcoming webinar: Adapting to increased risks: cyber and data security in the age of uncertainty
During a press briefing on the executive order, a senior administration official blamed a “laissez-faire attitude towards cybersecurity” and “poor software security” for the incidents, which also included attacks on SolarWinds and Microsoft Exchange.
The government was criticised at the time for its frequent use of vulnerable software in some of its most critical systems and infrastructure.
The new framework lists four priority areas across which federal agencies will be expected to fulfil the requirements of Biden’s executive order. These include using ‘Zero Trust’ architecture, which only grants access to data through a series of authentication checks based on access policy. Others include bringing services up to par with modern customers’ expectations, keeping pace with the evolution of IT, and leveraging data to inform government operations.
In addition to improving cybersecurity, the framework said delivering better customer service was critical. It said that the American public is increasingly used to “well-designed interactions” with consumer products and services that are “easy and intuitive”. It added that the public “rightfully wants, expects, and deserves the same experience when interacting with government”.
“By uniting behind an IT operating plan – enabled by an enterprise view – we can see what’s working, fill tech talent gaps, and help agencies course-correct, while driving innovative ways of working and building modern service delivery into the public’s daily interactions with government,” it said.
Read more: US agencies fall short on cyber risk management, GAO report finds
Like this story? Sign up to Global Government Forum’s email news notifications to receive the latest updates in your inbox.