Coming in 2016: Cloud legislation
The New Year will bring a bill designed to streamline the way agencies fund, acquire and approve the move to cloud computing.
Despite pressure to modernize, agencies are still spending about 80 percent of their IT budgets maintaining old systems. A new bill, still in the planning stages, seeks to make it easier for agencies to move to the cloud in terms of both financing and obtaining authority to operate for commercial cloud systems.
Sens. Jerry Moran (R-Kan.) and Tom Udall (D-N.M.) are teaming up to sponsor the Cloud Infrastructure Transition Act of 2015. The bill would give new authority to the Federal Risk and Authorization Management Program (FedRAMP) to speed accreditation of commercial providers, establish a framework for the federal CIO to set up working capital funds for IT modernization and task agencies with strict reporting requirements designed to expose their reliance on obsolete technology.
Former House staffer Rich Beutel, who helped draft the Federal IT Acquisition Reform Act, is advising current Senate staffers on the bill.
"It started out as Son of FITARA," Beutel told FCW.
Lawmakers and staffers wanted to build on the success of the 2014 legislation with some ideas that didn't make it into the final bill. Eventually, a common theme emerged around cloud and modernization. Beutel said the new bill's backers hope it will "help agencies find the resources necessary to get off the old junk and move to new systems, which have cybersecurity built in by design."
The funding piece is designed to solve a key impediment to IT modernization: the appropriations cycle. It's tricky to set aside money to update legacy applications and move them into the cloud while still paying the operations and maintenance costs of an old system. The problem is compounded by the way appropriations are handled -- through continuing resolutions and last-second funding bills. An agency that bets on a modernization plan could find itself with no money to keep its existing systems in business during the key transition period.
"You need a bridge," Beutel said.
Although a draft bill isn't ready for stakeholder input, FCW did look at a section-by-section summary. Under the plan, the Office of Management and Budget would administer a fund that allows agencies to pursue multiyear modernization plans. The idea could be a tough sell because congressional appropriators don't particularly like flexible funding mechanisms that operate outside their control. One potential sweetener is the idea that agencies would be replenishing the fund with any savings realized by the move to the cloud.
The FedRAMP revamp in the bill is designed to legislate operational fixes to the program office with the goal of finding a way to increase the program's bandwidth. Right now, agencies can award a provisional authority to operate to cloud service providers, but those approvals don't mean much until the FedRAMP program office gives a provider a seal of approval to operate governmentwide. But the line of agency-approved CSPs is creating something of a logjam.
One idea to speed the process is to take authority to grant provisional authorizations away from agencies and have FedRAMP do the job on a fee-for-service basis. Fast lanes for CSPs that have their applications in precise order are also being contemplated.
In a way, Moran and Udall are stealth fighters for IT reform. Back when FITARA was flagging in the Senate in 2013, they offered a bill from their appropriations subcommittee that duplicated the CIO authority measures contained in a version of the bill that had passed in the House several times. Their efforts helped induce leaders on the Senate Homeland Security and Governmental Affairs Committee to work with their House counterparts on the Oversight and Government Reform Committee to move the bill.
Although FITARA didn't become law then, it ended up passing in the fiscal 2015 National Defense Authorization Act. Neither lawmaker supplied comments to FCW about the new bill.
The multiyear path of FITARA from committee meeting rooms to statute gives an idea of what's involved in passing a bill that affects $80 billion in federal spending. Once the bill is in draft form, it will be circulated for comment from stakeholders in industry and government. Although there's a long way to go, Beutel said he's confident of bipartisan support for the measure and expects it to be the main legislative push in 2016 on the IT reform front.
NEXT STORY: Bank of America Loads Up on Bitcoin Patents