recommended reading

SSA's new data center is at least five years away, while the existing center risks 'catastrophic failure'

It will take the Social Security Administration at least until mid 2016 to build a new data center to safely handle and store nearly 500,000 electronic records that determine benefits. Meanwhile, the agency's current data center is in danger of "catastrophic failure," government officials told two congressional subcommittees Friday.

The 30-year-old National Computer Center in Baltimore, Md., is plagued by an inadequate heating and cooling system, a power system so old that spare parts are no longer made, and clogged and corroded plumbing, Kelly Croft, Social Security's deputy commissioner for systems, told two House subcommittees.

Problems with any of those systems could shut down the data center and disrupt Social Security payments for days, he said.

Plans to build a new computer center fell a year behind schedule as the Social Security Administration, the General Services Administration and members of Congress wrangled over where the $500 million building should be built.

GSA, which operates many of the federal government's buildings, selected a site in Urbana, Md., about 40 miles west of Baltimore, but that prompted questions from the House Ways and Means Committee.

"We couldn't get good answers as to why they decided to locate the new data center away from Social Security's headquarters in Baltimore," said Rep. Sam Johnson, chairman of the Ways and Means subcommittee on Social Security.

"Now the project is already delayed a year, and that's before a single shovel has hit the ground," Johnson, R-Texas, said Feb. 11. "All the while, the more time passes, the higher the risk of the National Computer Center failing."

The Social Security Administration was to have bought the site in March 2010, awarded a building design contract this March, and completed construction in October 2013.

All of that has been pushed back by about a year, said David Foley, deputy commissioner of GSA's Public Buildings Service. And when construction is complete, it will take 18 months to move computers and other information technology into the new building, so the new data center won't be ready to run until August 2016, he said.

"The chance of a potentially crippling outage at the NCC increases as time passes," said Patrick O'Carroll, Social Security's inspector general.

The data center houses 460 million records of earnings and benefits for 57 million Social Security beneficiaries and 160 million workers. It's not unusual for the center to perform more than 150 million computerized transactions a day, Croft said.

"Pretty much all we do relies on computers. Even an hour's outage is a big deal. An extended outage would have national implications," he said.

If the data center were to shut down, Social Security would be unable to process tens of thousands of retirement, survivor and disability claims or to verify Social Security numbers, O'Carroll said.

Besides delaying the delivery of benefit checks, a shutdown would hamper people's ability to get jobs, driver's licenses, and loans and mortgages, he said.

"I think we can all agree on the importance of this data center replacement project," said Rep. Xavier Bercerra, D-Calif., the senior Democrat on the Social Security subcommittee. For several subcommittee members, the question was whether the GSA can now stick to the August 2016 date.

"We do have an aggressive schedule," Foley said. "But I'm fairly comfortable we can deliver it within the schedule we have."

When pressed on how comfortable, Foley said, "80 percent or more comfortable."

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.