In-brief: The U.S. Government spends the lion’s share of its IT budget maintaining legacy technology, some of it 30 and 40 years old. That trend is getting worse and depressing investment in newer technology, a report by the Government Accountability Office warns.
The U.S. Government is dangerously dependent on “legacy” technology, some decades old, that is expensive to maintain, insecure and an obstacle to the development of more efficient services, according to a report by the Government Accountability Office.
The Government spends three quarters of its $80 billion information technology (IT) budget on operations and maintenance (O&M, to use GAO’s terminology) – essentially to maintain outdated hardware and software, GAO said. That spending dwarfs federal investment in technology modernization and, in fact, has driven down government investment in system modernization by some $7 billion since 2010, GAO found.
Many of the U.S. government’s systems are becoming “increasingly obsolete,” relying on outdated language and hardware that are no longer supported. Among the GAO’s list of horrors:
- The Individual Master File at the Department of Treasury, which is described as “the authoritative data source for individual taxpayers” is written in Assembly language – a 1950s era programming language – and runs on an IBM mainframe computer.
- The Strategic Automated Command and Control System, which coordinates the operational functions of the U.S.’s nuclear forces, is a 53 year old system that runs on an IBM Series/1 Computer, which dates from the 1970s. It is operated using 8 inch floppy disks, which fell out of favor in the late 1980s.
- The Department of Veterans Affairs Personnel and Accounting Integrated Data system, which automates time and attendance fore employees, is writing in the COBOL, programming language – cutting edge in the 1950s and 60s – and runs on an IBM mainframe
GAO analyzed some 7,000 IT investments by the U.S. government and found that 5,233 of them were devoted entirely to “O&M activities”: the maintenance of legacy systems, GAO said. Technology systems that were three, four and even five decades old were documented in the report at use in major agencies including Defense, Health and Human Services, Homeland Security and Commerce.
[Read more Security Ledger coverage of GAO reports here.]
What’s the fix? GAO notes that The Office of Management and Budget (OMB) has directed agencies to identify IT O&M expenditures for less efficient systems (that is: not hosted or cloud-based). Agencies reported planned spending of nearly $55 billion on such non-provisioned IT in fiscal year 2015, which means that close to $.70 of every $1 on information technology is spent on systems that the OMB considers “less efficient.”
GAO notes that the government has not set clear targets or goals for investing in more efficient systems, even as it has suggested that it prefers such investments.
Many O&M investments in GAO’s review were identified as moderate to high risk by agency CIOs, and agencies did not consistently perform required analysis of these at-risk investments. Further, several of the at-risk investments did not have plans to be retired or modernized, GAO said. That includes the decades old systems at Treasury and Veterans Affairs.
GAO recommended that the Office of Management and Budget identify and publish goals for O&M spending and give agencies a date by which to issue guidance on replacing legacy systems and modernizing. The agency advises the Secretaries of Commerce and Treasury to tell agency-level CIOs to ensure that required analyses are performed on investments in the operations and maintenance.
The GAO is a frequent critic of Federal Government information technology. But it is hardly the only critic. A “30-day cybersecurity sprint” headed by Federal CIO Tony Scott and OMB in 2015 identified a long list of problems. Chief among them: identifying high value information and assets on government networks, responding to cyber incidents in a timely manner and finding and keeping qualified information security staff.