The American Technology Council Releases Plan for Industry Feedback

Earlier this year, President Trump formed the American Technology Council (ATC) in order to assemble those from government and industry to help the ever ominous problem of modernizing federal IT. Subsequently, developed by experts chosen by the GSA Administrator, Secretaries of DHS and Commerce and Director of OMB, ATC released its first report on August 30 as a first step in modernization. The plan was released publicly in order to solicit industry feedback until September 20.

In describing the burden and cost of modernizing government IT infrastructure, ATC identified the well-known reasons why agencies have been unsuccessful in attempting to modernize their systems: 1) resource prioritization; 2) ability to procure services quickly; and 3) technical issues. Within the report’s executive summary, direction is given to agencies to realign IT resources through the fellowship of CIOs, CFOs and Senior Agency Officials for Privacy in conjunction with OMB and to identify which systems are in most need of prioritization and the strategies to reallocate resources to those needs accordingly. Furthermore, the summary also suggests that agencies consider halting or pausing any upcoming procurement actions related to further development or enhancement of those legacy IT systems that need modernization. The modern technologies stressed within the report include cloud, shared services and agile development.

The report is formatted around two main categories: modernization and consolidation of networks and shared services to enable future network architectures. Each main category is broken down by a subset of categories:

• Network Modernization and Consolidation
  • Prioritizing High-Risk High Value Assets (HVAs)
  • Modernizing Trusted Internet Connections (TICs) and National Cybersecurity Protection System (NCPS)
  • Consolidating Network Acquisitions and Management
• Shared Services to Enable Future Network Architectures
  • Accelerate Adoption of Cloud Email and Collaboration Tools
  • Improve Existing and Provide Additional Security Shared Services
  • Security Operations Center as a Service (SOCaaS)

In the plan, both main and sub-categories contain objectives/visions as well as respective implementation plans. Each implementation plan contains several steps with deadlines set within the span of a year for agencies and relevant lead agencies to meet.

Network Modernization and Consolidation

Within this section, the report states that the goal is to shift agency focus on security by placing protections closer to data and improving the management and authentication of devices and user access. Additionally, the report seeks to improve visibility behind the network level and ensure that agencies prioritize IT resources and personnel to implement data protections and situation awareness through options such as cloud-based services. In order to achieve this, the report describes a process to identify, categorize and prioritize High-Risk High Value Assets (HVAs) – those systems in need of modernization that contain increased risk and vulnerabilities. Moreover, the plans seeks each agency to report cloud-ready projects and comply with Trusted Internet Connection (TIC) policy with a goal to accelerate migration on three cloud-ready systems within a year. Identifying the new EIS contract as flexible and cost saving for agencies, the ATC plan instructs DHS and GSA to assist with small agencies acquiring Managed Security Services to help consolidate networks.

Shared Services to Enable Future Network Architectures

The report pushes government to shift to a consolidated IT model, congruent with category management practices, by embracing the use of cloud services and acquiring cloud products that meet cybersecurity needs. Agencies must choose one of two methods when it comes to cloud – “Bring Government to Cloud” or “Bring Cloud to Government” - the first being most favorable. To do this, the report’s overarching implementation plan for this section consists of the identification of systems ready for cloud migration amongst agencies wherein, OMB and GSA will detect the weaknesses hindering migration and determine the personnel and capital needed to prioritize cloud migration.

Implications

In reading through this new ATC plan, things look promising for the contracting industry. Throughout the report, references to commercially available services and products, especially in cloud, are continually highlighted and encouraged. For instance, contracting offices will be guided to offer commercially provided Security Operations Center as a Service (SOCaaS). Moreover, a focus on streamlining, quickening and improving the acquisition process is dotted throughout. For example, the report calls for an Acquisition Tiger Team (ATT) under OMB to draft a “quick start” package to help with quicker cloud license and migration service acquisitions. Expansion of offerings under Schedule 70 for assistance in modernizing HVAs is also mentioned.

In a blog announcing the report, Director of ATC and Senior Policy Advisor with OSTP, Chris Lidell and Jack Wilmer, write “Much of this plan is built on industry best practices, and a major point of emphasis is to maximize use of commercial capabilities.  This will result in a close partnership with industry to be able to achieve our targeted vision.  Given this, we are collectively looking for feedback from industry to ensure that we have adequately described our end-state and that we are best leveraging industry capabilities in our plan to get there.”