US aims to step up security for federal datacenters: Both physical and cyber

Bit barns threatened by malware flingers, but fire, storms, or bad guys arriving at the sites are also bad news


Proposed legislation in the US will seek to ensure greater protection for government datacenters from the threat of cyberattacks, but also physical dangers such as natural disasters and terrorism.

The Federal Datacenter Enhancement Act of 2022 would require the White House Office of Management and Budget (OMB) to coordinate a government-wide effort to develop greater security requirements for federal data facilities.

These relate to cyber intrusions, datacenter availability, mission-critical uptime, and resilience against physical attacks, wildfires, and other natural disasters, according to a statement from Senator Jacky Rosen, one of the three introducing the bipartisan bill.

Rosen is a member of the Senate Homeland Security and Governmental Affairs Committee (HSGAC), while Senator Gary Peters is its chair and the third backer of the legislation is Senator John Cornyn.

"With the increasing threat of cyberattacks and natural disasters, we must ensure the integrity of our nation's critical information by protecting datacenters like Switch in Las Vegas," said Senator Rosen, claiming the bill will enact new security and resiliency standards to keep data safe.

Meanwhile, Senator Cornyn said the legislation would not only secure federal data but encourage optimization, which would save taxes as well as protecting Americans who entrust their information to the federal government.

But the Act does not specify these measures, and appears to leave it up to the Administrator of General Services to consult with the Director of the Cybersecurity and Infrastructure Security Agency and the National Cyber Director in order to determine the requirements that must be met.

The Act itself is an amendment to the earlier National Defense Authorization Act for Fiscal Year 2015, modifying requirements relating to datacenters. The text notes that the authorization within this for the Federal Data Center Optimization Initiative (DCOI) expires at the end of 2022, giving Congress an opportunity to review the objectives of the DCOI to meet the current needs of the Federal Government.

The DCOI actually started in 2010 with a focus delivering greater efficiency in government IT infrastructure, such as through the consolidation of datacenters used by federal agencies.

According to the three senators, this has already resulted in the consolidation of more than 6,000 federal datacenters and delivered cost savings estimated to be $5.8 billion.

Senator Rosen noted that the new Act "builds on this success, shifting the policy focus from consolidation to optimization, security, and resiliency."

However, in March of this year, the US Government Accountability Office reported [PDF] there had been "mixed progress" against the OMB's datacenter optimization targets in recent years.

smalltown

Fights, floods, and fortunes when cloud giants roll into town

READ MORE

It said that for fiscal year 2020, federal agencies had closed a total of 96 datacenters, and as of August last year, closures had amounted to 51, with another 29 planned closures expected by the end of that fiscal year.

The GAO reported that as of August 2021, the agencies expected to realize a cumulative total of $6.6 billion in cost savings from fiscal years 2012 through 2021, although it warned at the time that closures and savings were expected to slow in the future according to the DCOI strategic plans. For example, seven agencies reported that they planned to close 83 datacenters during fiscal years 2022 through 2025, with an estimated total saving of $46.32 million. ®


Other stories you might like

Biting the hand that feeds IT © 1998–2022