The Biden administration’s first complete budget request was light on technology and cyber policy and process changes. But it was definitely full of hope.
The hope that Congress will fund the Technology Modernization Fund (TMF) at another $500 million for fiscal 2022 after putting $1 billion into it as part of the American Rescue Plan Act.
The hope that agency workforces will grow by as much as 9.6% at the Department of Housing and Urban Development (HUD) or 7.4% at the Environmental Protection Agency (EPA), after years of being stagnant or seeing reductions.
And the hope the largely flat Defense Department request and the decision to do away with the Overseas Contingency Operations (OCO) account will not be over taken by the defense hawks, lobbyists and the Pentagon itself continuing the drum banging over near peer competition and losing the next great power competition.
Like every White House budget request, the Biden version is full of ideas and concepts that begin the long conversations with Congress. The goal, of course, is that these efforts will culminate not with the threat of yet another partial government shutdown or multiple continuing resolutions, but agencies knowing where they stand with enough time left in fiscal 2022 to hire employees, improve technology and continue to prove the value of federal programs and policies.
“The budget makes these investments in a way that’s responsive to both the near- and medium-term economic landscape, as well as the long-term challenges our country faces. In the near-term, the decades-long, global trend of declining interest rates, even as publicly held debt has increased, gives us the fiscal space to make necessary upfront investments,” said Shalanda Young, acting director of the Office of Management and Budget (OMB), during a call with reporters on May 28. “Under the budget policies, the real cost of federal debt payments will remain below the historical average through the coming decade, even as the budget assumes that interest rates will rise from their current lows, consistent with private-sector forecasts. Low real debt service payments show that the cost of these upfront investments is not burdening the economy. To the contrast, failing to make these investments at a time of such low interest costs would be an historic missed opportunity that would leave future generations worse off. This budget does not make that mistake, and it invests — its investments will pay dividends for generations to come. Over the long run, when we face larger fiscal challenges and more uncertainty about interest rates, the budget will reduce the deficit and improve our nation’s finances.”
Anyone who has paid attention to this annual exercise over the last two decades knows that the budget request has been more of a policy document than a funding effort based on reality. This is especially true for technology, cybersecurity and government reform efforts.
This year, however, the analytical perspectives chapter, where most of these policy ideas usually live, is full of “mom and apple pie” quotes like, “Cybersecurity is an important component of the administration’s IT modernization efforts….” or “Federal agencies’ ongoing efforts to modernize their IT will enhance mission effectiveness and reduce mission risks through a series of complementary initiatives…”
So to find the real policy ideas and see where OMB wants agencies to move, you have to dig a little deeper.
Here are the budget items that help demonstrate the Biden administration’s IT and cyber policy goals. These are not in any specific order.
A better chance for working capital funds
Usually any discussion about IT and cyber starts with the TMF. But for this one, let’s start with that other piece of the Modernizing Government Technology (MGT) Act that has the potential for more impactful, working capital funds. Over the last few years, several agencies have asked for this authority from Congress, but only the Small Business Administration (SBA) has received it.
The Labor Department is asking for authority to create an IT working capital fund (IT WCF) using MGT Act authority. “This IT WCF would include all activities currently financed through the WCF, as well as the development and operational costs for agency-specific applications currently funded directly by agencies. Shifting these activities into an IT WCF has no impact on total spending at the department.”
Labor is asking for $37.2 million for IT modernization efforts in 2022, up from $29 million in 2021 and $26 million in 2020.
The Office of Personnel Management (OPM) also seems to be requesting authority for an IT WCF too. The budget says it plans to “transfer salaries and expenses extra funding into the IT WCF.”
OPM’s CIO’s office asked for $73 million in 2022, up from $39 million in 2021 and $46 million in 2020.
The U.S. Agency for International Development also is seeking IT WCF authority for at least a third year in a row. It is asking to transfer 5% or up to $30 million to the fund.
Congress added a provision in the 2021 budget that says no more than 3% of salaries and expenses and business loans program account may be transferred to IT WCF. SBA says it expects to have $2 million in the IT WCF in 2022, down from $7 million in 2021.
The SBA’s CIO’s office asked for $30 million in 2022, down from $48 million in 2021, but up from $29 million in 2020.
Interestingly, the Environmental Protection Agency has run a working capital fund since 1997 and says the MGT Act gives it additional authority to use the money for IT modernization efforts, such as its enterprise human resources IT services and regional information technology service and support, managed by EPA Region 8. EPA expects its WCF to have $354 million in 2022.
Few other, if any, agencies have taken a similar interpretation of the MGT Act, which is why Sen. Maggie Hassan (D-N.H.), chairwoman of the Homeland Security and Governmental Affairs Subcommittee on Emerging Threats and Spending Oversight, plans to add a technical amendment to the MGT Act to fix this challenge.
Interestingly enough, the Department of Homeland Security says it is shutting down its non-MGT Act working capital fund. In 2020, the WCF had $424 million.
“DHS and the Working Capital Fund (WCF) governance board decided to dissolve the WCF in 2021. This decision was reached after conducting strategic reviews of the WCF governance criteria and discussions within the Management Directorate on their business strategy for providing services to their customer base,” the budget documents state. “As a result, no funds are included in the 2022 Budget. All activities were removed from the WCF with base transfers in 2021. DHS components will transfer funds to the servicing management lines of business for fee-for-service and governmentwide mandated services.”
Finally on a related WCF note, the Transportation Department (DoT) plans to spend $93 million from its $726 million agencywide central account “to continue the department’s implementation of a shared services environment for commodity information technology (IT) investments. The IT shared services initiative will modernize IT across the department and improve mission delivery by consolidating separate, overlapping, and duplicative processes and functions.”
The CIO’s office is asking for $17.7 million in 2022.
The budget also says DoT will continue consolidating commodity IT services across operating administrations with a focus on investment-level commodity IT, as well as IT security and compliance activities. It will use shared services to enable the department to improve cybersecurity, increase efficiencies and improve transparency in IT spending.
The cybersecurity growth continues
The Biden administration is asking for $9.8 billion for federal civilian cybersecurity in 2022. This would be a 14% increase over 2021. The Defense Department says its cybersecurity budget request in 2022 is $10.4 billion, bringing total cyber spending above $20 billion governmentwide for the first time.
Included in the overall request is $20 million for a new Cyber Response and Recovery Fund (CRRF) run by the Cybersecurity and Infrastructure Security Agency (CISA) to improve national critical infrastructure cybersecurity response.
“In the first year, the administration proposes to pilot the CRRF, limiting funding during the pilot phase to supporting non-federal entities in responding to, and recovering from, a critical cyber incident,” the budget documents state. “The CRRF would be purpose restricted to carrying out CISA’s existing statutory authorities for cyber response and recovery in support of critical infrastructure and during a significant cybersecurity incident as defined in Presidential Policy Directive (PPD 41): United States Cyber Incident Coordination. Funds would only be available if all criteria were met and if the President had approved use of the funds.”
Sens. Gary Peters (D-Mich.) and Rob Portman (R-Ohio) introduced the bill to create the fund on May 12 that would enable CISA to more easily coordinate federal and non-federal response efforts to a major cyber incident. The bill authorizes $20 million for the fund.
The Biden request also includes $15 million to support the Office of the National Cyber Director, which Congress established in the National Defense Authorization Act of 2021.
In all, the Biden administration is asking for $1.7 billion in total funding for CISA, including $913 million for cybersecurity. Of that, $350 million would be for procurement construction and improvements account, down from $439 million in 2021 and $481 million in 2020. This account typically funds the continuous diagnostics and mitigation (CDM) program as well as the national cybersecurity protection system initiatives like EINSTEIN and automated information sharing. The budget did not break out CDM or other programs specifically.
Beyond CISA, several agencies are seeking increases in cybersecurity funding, including those impacted by the SolarWinds attack.
The Treasury Department, for example, is asking for $137 million for its cybersecurity enhancement account (CEA), which is $114 million more than usual to provide “resources to strengthen Treasury’s cybersecurity posture and address the impacts of the SolarWinds incident.”
The CEA supports departmentwide and bureau-specific investments of high value assets and provide more enterprisewide services.
The Energy Department’s CIO office is asking for $68 million in 2022 after making no specific line item requests in 2021 or 2020. While the request doesn’t say what the money would be used for, it’s easy to assume that at least some of the funding is for cybersecurity. Energy wrote in the 2022 request that “significant investments will address cyber vulnerabilities identified as a result of SolarWinds incident of December 2020.”
Energy also is looking to merge two cyber offices with the Defense Critical Energy Infrastructure (DCEI) Energy Mission Assurance functions moving into the Office of Cybersecurity, Energy Security and Emergency Response (CESER). The merger would bring the cybersecurity sharing and support efforts with the electric utility industry under CESER’s purview.
Energy is requesting $201 million for CESER, up from $157 million in 2021 and $158 million in 2020.
Beyond the SolarWinds attack, agencies are seeking more funding on cyber defensive efforts.
The FBI is seeking $15.2 million to defend itself from cybersecurity threats.
The Agriculture Department CIO requested $101.1 million, including $56 million for cybersecurity requirements. The overall request is up from $67 million in 2021 and $65 million in 2020.
The Commerce Department is asking for $126.9 million for technology modernization projects. This funding would be divided up with $20 million for business application system modernization and $106.9 million for cybersecurity risk mitigation.
IT modernization beyond the TMF
The federal civilian IT budget request reaches $58.4 billion, a 2.4% increase over 2021. The Biden administration, for reasons unknown, didn’t include the Defense Department’s IT or cyber budget requests in the analytical perspectives. So it’s hard to get a sense of how much the overall federal IT budget is increasing.
The Federal IT Dashboard says DoD will spend about $37.1 billion on IT in 2021, up from $36.6 billion in 2020. In its 2022 request, DoD says it’s moving funding around to meet needs in artificial intelligence, 5G and other emerging technologies.
Using these numbers as the baseline, total federal IT spending would be more than $95.5 billion.
As mentioned earlier, the administration wants another $500 million for the Technology Modernization Fund (TMF). What’s interesting with this request, which comes under the General Services Administration’s budget because they manage the fund, is they expect to carry over $811 million out its $1.086 billion 2021 and 2020 funding.
This seems to highlight that OMB and the TMF Board expects to hand out less than $200 million from the TMF over the next four months.
The two other funds that help with IT modernization also are seeing solid support.
On one hand, GSA’s Federal Citizen Services Fund is asking for an increase to $59.2 million, up from $55 million in 2021.
OMB’s IT Oversight and Reform (ITOR) fund seeks $10.4 million in 2022, up from $5 million in 2021 and $6 million in 2020.
OMB says the additional money will be used for the Federal Acquisition Security Council (FASC) and to implement its sharing of supply chain risk information and exercise its authorities to recommend issuances of removal and exclusion orders to address supply chain security risks within agencies.
The administration also offered more details about its plans to use the $200 million for U.S. Digital Service that was in the American Rescue Plan Act.
USDS plans to increase its full-time employees to 271 in 2022, up from 161 this year. It says the larger number of employees will enable “USDS to quickly address technology emergencies, ensure access and equity are integrated into products and processes, and help agencies modernize their systems for long-term stability.”
USDS, however, expects fewer employees, 60 compared to 63, to be reimbursable through agency fees.
The Justice Department (DoJ) also is seeking a hefty increase in its IT modernization account.
DoJ says it wants $141 million for its Justice Information Sharing Technology fund. That is up from $84 million in 2021 and $68 million in 2020.
“IT transformation is an ongoing commitment to evolve DoJ’s IT environment by driving toward shared commodity infrastructure services and seeking simplified design and implementation of tools to advance the mission. These efforts allow DoJ to shift from custom, government-owned solutions, to advanced industry-leading offerings at competitive pricing. The OCIO recognizes modernization as an ongoing activity, requiring IT strategies to adapt as technology changes,” the budget document stated.