OMB has issued for public comment proposed guidance to agencies to identify and prioritize IT systems in need of upgrades, saying that many “rely on aging computer systems and networks running on outdated hardware and infrastructure that are expensive to operate and difficult to defend against modern cyber threats.”
“As more and more data is stored online, the need to protect against the adverse consequences of malicious cyber activity becomes more pressing each year,” it said.
Of the $82 billion in federal IT spending planned for 2017, 78 percent is dedicated to maintaining legacy IT investments, and “over the years, agency efforts to modernize existing IT systems have faced substantial challenges. The high costs, lack of funding, and risks associated with modernization efforts, combined with the increasing cost to maintain existing systems, harm agencies’ ability to manage their IT systems strategically and deliver the functionality needed to achieve their missions. Furthermore, operational risks arise when these systems cannot adapt to current or expected mission requirements, user needs, operating environments, or are no longer cost justifiable,” it added.
Key features of the strategy include requiring agencies to:
Focus in their strategic plans, or “enterprise roadmaps,” on opportunities such as through shared services or cloud services to modernize investments within their IT portfolios and reduce legacy IT spending;
Prioritize their information systems for modernization using common criteria established by OMB and GSA based on security risks, operational risks, business suitability, modernization impact, and ability to execute;
Submit to OMB modernization profiles of systems that have been prioritized for modernization, retirement, or replacement; and
Incorporate modernization into regular budget planning.
