The General Services Administration has awarded millions of dollars in technology modernization funding to the U.S. Selective Service System to help boost the cybersecurity of its draft registration system.
The nearly $6 million will go toward a number of improvements to the IT operations of the small agency, which has just 115 employees and an annual budget under $30 million. The upgrades include modernization of its Registration, Compliance and Verification software system, including migration to a cloud-based software and data architecture, enhanced protections around personally identifiable information and user experience upgrades for public facing parts of the system.
While no draft is currently present, registration remains in place as a way for government to keep a list of names of men from which to draw in case of a national emergency requiring rapid expansion of our Armed Forces. The RCV system is an Intranet application used by only authorized SSS’ personnel. It provides a central repository for all data related to active registrants and potential violators.
“The agency’s registry is critical in the event of any national emergency requiring a mobilization for national defense. Annually, the SSS’s team of 115 manages over two million selective service registrations and approximately six million enrollment verification checks,” reads a justification for the project listed at TMF.cio.gov. “This registration data also provides eligibility verification for student aid, over four million Federal civilian and local government jobs, free job training, and a potential streamlined process for citizenship.”
According to a project description provided on the website for the Technology Modernization Fund, the improvements are expected to reduce maintenance costs, improve resiliency, provide more advanced data analytic capabilities and create an architecture with redundant geographic locations. The RCV system is designated as a high value asset – meaning it is considered one of the most important IT systems and per a directive from the Cybersecurity and Infrastructure Security Agency, should be prioritized for cybersecurity resources and improvements.
Maturing cybersecurity operations has been a stated goal of the SSS for years. In its most recent budget justification, the agency highlighted the need to modernize its Registration, Compliance and Verification System and other software applications that ensure continuous monitoring, enterprise risk management and better protection of personal identifiable information.
In a statement, Federal Chief Information Officer Clare Martorana said the investments “will allow SSS to move quickly to scale technical operations to meet the nation's needs through a cloud-first software and data architecture that protects the data of millions of customers.”
The funding represents another instance of the TMF being used explicitly to modernize the cybersecurity operations of critical federal department and agency systems. Last year, the fund awarded more than $260 million in funding to five different agencies for security improvements to Login.gov, “zero trust” security upgrades for the GSA, Department of Education and Office of Personnel Management, as well as secure cloud migration for interagency collaboration tool Max.gov.
Agencies are typically required to pay back any funding they’ve received through the program via cost savings and other revenue sources, but the Biden administration moved to relax those requirements last year for cybersecurity-related projects, citing a need to respond to the SolarWinds hack and other campaigns against U.S. government systems.