Author: Khan

On January 14, 2021 President Joe Biden released his new administration’s USD $1.9T plan called the American Rescue Plan. This plan shows the priorities of the new White House administration and calls for Congress to help the American people in many ways. Here are some of the most repeated words in this plan:

Suprisingly, at the end of the American Rescue Plan, there is a section that asks for increased funding to “Modernize federal Information Technology (IT) to protect against future cyber attacks”. Here are my thoughts on it:

Expand and Improve Technology Modernization Fund (TMF)

For now and the foreseeable future, technology will continue to have a direct impact on our lives. Nowhere is this more evident than in the U.S. Federal Government which is the largest purchaser of technology in the world. Recognizing this, in 2017, the Technology Modernization Fund (TMF) was created whose mission is to help U.S. Federal Government Departments and Agencies use technology efficeintly, effectively and securely.

TMF receives proposals from different U.S. Federal Government Departments and Agencies in what they want to accomplish. After vetting the proposals, TMF provides funding to the U.S. Federal Government Departments and Agencies who have a 5-year window to return the funds. TMF receives its own funding from Congress. To understand how much funds have been approved for TMF, lets look at the budget requests versus the appropriations received in the table below:

As we can see from the above table, TMF has never received the budget it has requested even though TMF’s mission is basically to benefit the American public through technology.

In regards to cybersecurity, in 2018, Cyber Security and Information Security Agency (CISA) was created whose mission is to lead at the national level to mitigate cyber and physical risks to vital infrastructure. To understand how much funds have been approved for CISA, lets look at the budget requests versus the appropriations received in the table below:

As we can see from the table above, CISA received more funds than they asked for because Congress felt the cybersecurity is important especially when it came to the elections.

The American Rescue Plan presented by President Joe Biden requests Congress to increase the combined appropriations to be $9B which will be used to increase IT shared services and cybersecurity across the U.S Federal Government. This plan also recommends removing the need of U.S. Federal Government Department and Agencies to reimburse the funds back to TMF witin 5 years. I think these are good firsts steps. However, we have to also see these $9B funds as an opportunity to:

1. Hire the right people/contractors to do the right jobs
2. Prioritize and optimize processes before cloud migration and automation
3. Apply technology at the right time with redundancy and security built-in
4. Create services that improve experiences for the American public
5. Create products that make government become more digital

Surge Cybersecurity Technology and Engineering Expert Hiring

The Office and Management Budget (OMB) is responsible for managing the Information Technology Oversight and Reform (ITOR) fund which produces quarterly reports on Government-wide IT reform efforts to save on cost of operations U.S. Federal Government Departments and Agencies. The American Rescue Plan also asks for $200M in hiring cybersecurity professionals to improve the U.S. Federal Government’s cybersecurity efforts across the government.

The problem here is two-fold:

1. IT is always asked to do more with less. This is also true in government. Sometimes IT is asked to produce cost-savings, however, IT does not and should not operate in a bubble. This means that if you truly want to transform an organiztion then the motivation should not be cost savings only. Motivation should be efficient and effective processes augmented by IT which results in frictionless operations that directly provide value to the American public.
2. While hiring cybersecurity professionals is a line of defense but it is not the only one. Cybersecurity needs to be a whole of government approach which requires cultural change in different U.S. Federal Government Departments and Agencies. This change requires everyone in these organizations to be vigilant and mechanism to be put in place that not only trains people but unexpectedly tests them too.

In both of the above issues, culture plays a very important role.

Build Shared, Secure Services to Drive Transformation Projects

The mission of the Technology Transformation Services (TTS) under the General Services Administration (GSA) is to create a digital government that can benefit the American people. They do this through various programs and services provided to different U.S. Federal Government Departments and Agencies. The American Rescue Plan has asks for $300M so that TTS can create more programs and services that can be used. In order for this to work:

1. We have to make sure that different U.S. Federal Government Department and Agencies see TTS as not the last resort but the first option to consider.
2. While TTS’ solutions in Data and Analytics, Innovation, Public Experience, Secure Cloud, Smarter IT, Cloud.gov, Login.gov and other Free and Low-Cost Tools are great but they are not enough. I think TTS should expand its mandate to become a “connector” between different agencies so that redundancies can be reduced and lessons learned can be shared.

Improving Security Monitoring and Incident Response Activities

The American Rescue Plan asks for an additional $690M for CISA to improve shared cybersecurity and continue to moving towards the cloud. What the SolarWinds debacle has taught us is that not only we are highly reliant on technology but also on its interconnectness. This means that to tackle security monitoring and incidence response, we have to to think holistically. This requires us to start with the basics:

1. Determine the number of legacy systems government-wide
2. Determine how often those legacy systems are updated/patched
3. Determine if those legacy systems are too big to fail
4. Determine what (budget, expertise, time) is missing to replace legacy systems
5. Determine what data is fed/received from those legacy systems

Other Areas Where IT can Help

IT can help in other areas mentioned in the American Rescue Plan too. Here are a few suggestions:

1. For a national vaccination program, contain COVID-19, and safely reopen schools:
   • Create a system that automatically pulls data from the COVID-19 tracking systems of States, Localities, Tribes and Territories. Use this data to determine which areas have the fastest rates of spread and then deploy/create vaccination centers in those areas first. Encourage States, Localities, Tribes and Territories to share thier mitigation steps and result in this portal as well so that lessons can be learned. Make this system publically available.
   • Create a system that tracks what tests have been done, what tests needs to be done, frequency of tests required and what States, Localities, Tribes and Territories did after tests were administered.
   • Create a system that pulls in contact tracing data from all States, Localities, Tribes and Territories. Use this data to determine movement of the virus across jurisdictions.
   • Create a system that tracks what communities are underserved.
   • Create a system that tracks supplies, usage, disposal and waste.
   • Create a system that automatically tracks virus data from other countries, it spread rate and any mitigatrion strategies that proved helpful in reducing infections.
2. For delivering immediate relief to working families bearing the brunt of this crisis:
   • Create a system that takes into account the cost of living for government assistance so that States, Localities, Tribes and Territories support can effetively be augmented by the U.S. Federal Government.
   • Create a system that tracks assistance of healthy nutrition options in relation to health issues in that community.
   • Create a system that tracks which organizations do not provide paid sick leave to their employees.
   • Create a system that tracks which organizations do not give $15/hour to thier employees.
   • Create a system that tracks which organizations do not provide back hazard pay to their employees.
3. For providing critical support to struggling communities:
   • Create a system that provides seed funding to individuals especially people of color to easily start businesses.
   • Create a system that incentivizes and tracks States, Localities, Tribes and Territories public transit efforts.