US Agencies Awarded $311 Million in Cybersecurity, IT Funds'Technology Modernization Fund' Announces 7 Projects at 4 US Agencies
Four federal agencies have been awarded $311 million to bolster the U.S. government's cyber defenses and address IT modernization challenges, according to the interagency board of the Technology Modernization Fund, a federal funding source, which made the announcement Thursday.
The seven-member TMF board announced seven awards for federal agencies to invest in "zero trust" networking, digital identity, data security, information sharing and interagency collaboration, the U.S. General Services Administration, which administers TMF, said in a statement. In total, the board considered over 100 proposals worth more than $2.3 billion.
The awards represent the first tranche of TMF funds stemming from the American Rescue Plan Act of 2021, a $1.9 trillion economic stimulus bill passed in March. The bill, which aimed to speed the nation's recovery from the effects of COVID-19, built on previous stimulus efforts and included $1.85 billion for cybersecurity funding. A $1 billion windfall was allocated to the TMF to modernize government IT and security.
Overall, it is the seventh round of TMF awards since the fund was created by the Government Technology Act of 2017. Winning projects receive incremental funding and technical support.
Prior to Congress' $1 billion investment, the fund received marginal support from Congress, with $175 million invested over three years.
According to federal officials, winning projects include:
- Zero Trust, Office of Personnel Management, $9.9 million: To improve the security of data and privacy protections for 2 million civilian federal employees;
- Zero Trust, Department of Education, $20 million: To improve security and privacy protections for over 100 million students and borrowers supported by the department;
- Zero Trust, General Services Administration, $29.8 million: To bolster the security of GSA's shared services that support millions of users and hundreds of facilities;
- Login.gov - GSA, $187 million: To promote the adoption of secure authentication for millions of users, improve the security of government systems and increase adoption of identity proofing while preventing fraud and protecting privacy;
- MAX.gov - GSA, $14.5 million: To improve interagency cooperation and communication, and strong authentication for federal employees;
- Southwest Border Technology Integration Program, U.S. DHS, $50 million: To use data and technology to "more efficiently and humanely" process noncitizens encountered at the southwest border of the U.S.
There is also one classified project.
'Just the Beginning'
In a blog post this week, Federal CIO Clare Martorana said, "With this round of TMF awards, we are securing data and privacy protections for over 100 million students and borrowers, advancing digital collaboration and data sharing across the federal enterprise, improving the authentication experience for millions of users with secure and equitable access to government services, and bolstering the security of critical shared services that support the federal government - and this is just the beginning."
And Federal CISO Chris DeRusha says of the awards, "These projects will have an immediate impact on federal cybersecurity and help inform future awards as we work to implement modern security principles across the federal ecosystem."
Rosa Smothers, a former CIA threat analyst and technical intelligence officer, tells Information Security Media Group, "The biggest implications of this TMF substantial funding increase is the ability for many agencies to further implement much-needed security protocols, for instance implementing multifactor authentication. MFA isn't a panacea, but it does add another layer to their overall security architecture."
John Ackerly, a former technology policy adviser at the White House, tells ISMG, "I applaud Congress for increasing its contribution to the TMF this year, as those funds will have a direct impact on American data protection and privacy."
Relation to Cyber Executive Order
This funding round, officials say, enhances President Joe Biden's cybersecurity executive order, which aims to holistically modernize federal cybersecurity (see: Biden's Cybersecurity Executive Order: 4 Key Takeaways).
The executive order describes how government agencies should evaluate the software they buy and mandates that executive branch agencies deploy multifactor authentication, endpoint detection and response, and encryption. And it calls for these agencies to adopt "zero trust" architectures and more secure cloud services.
When the order was issued in May, the administration said its goal is to create a set of standards to help minimize the damage caused by pervasive cyberattacks.
Smothers, currently the senior vice president of cyber operations at the firm KnowBe4, also notes, "The COVID-19 pandemic has fundamentally altered how the federal government's employees support their mission and how government provides services to its citizens. The silver lining in all of this is a stronger focus on services as well as security."
And Ackerly, the co-founder and CEO of the security firm Virtru, adds, "The downstream benefits of these investments will be significant: By modernizing technology and cybersecurity infrastructure, government agencies will be empowered to share insights in a way that increases efficiency without compromising security."
Federal officials also note that the rise in proposals stems partially from updated TMF repayment terms. According to the fund's website, the GSA administrator and Office of Management and Budget director can "establish and amend the terms of repayment to the TMF."
In addition to a full repayment, officials say they have considered proposals meriting partial repayment, along with "the most flexible … arrangements for [those tackling] the most urgent IT cybersecurity and modernization problems."