Outdated tech can be costly.
The federal government's 10 legacy systems most in need of modernization cost about $337 million a year to operate and maintain, according to the Government Accountability Office.
The 10 systems aren’t necessarily the government’s oldest. GAO withheld systems’ names in its public report due to security concerns, but they range from 8 to 51 years old and are housed within 10 different agencies.
GAO plucked these 10 from a pool of 65 submitted by the 24 CFO Act agencies and determined they were most in need of an update due a mix of their age, how critical they are to agency missions and risks. The final list include many that depend on ancient programming languages like COBOL, have unsupported hardware or software, and operate with known security vulnerabilities.
At the Defense Department, the Air Force “System 1,” for example, supports the wartime readiness of aircraft. The 14-year-old system runs on COBOL on a mainframe hosted by another agency and the department struggles to find the staff who can maintain the code and infrastructure. The Air Force anticipates the annual costs to climb from $21.8 million in 2018 to $35 million in 2020. Last fall, the service awarded a contract to get the system to a cloud environment and incrementally update COBOL into a modern language. The ballpark savings: $34 million annually.
The Interior Department’s “System 5” is an 18-year-old industrial control system for dams and power plants around “a particular river and its tributaries.” It contains obsolete hardware that isn’t supported by the manufacturer and software that didn’t include long-term vendor support, leaving it vulnerable to security and performance issues. It’s the type of system that the director of national intelligence has long warned could be an attractive target to adversaries. Interior’s modernization involves a complete replacement of obsolete pieces and an expansion of capabilities to include data collection and automation.
But those two agencies were the only ones of the 10 with complete modernization plans, which GAO notes are essential to avoid cost overruns, schedule delays and project failure.
Five agencies—the Social Security Administration, Small Business Administration, Office of Personnel Management and Homeland Security and Treasury departments—had partial plans in place. The Education, Health and Human Services, and Transportation departments had no plan in place.
“Project failure would be particularly detrimental in these 10 cases, not only because of wasted resources, but also because it would prolong the lifespan of increasingly vulnerable and obsolete systems, exposing the agency and system clients to security threats and potentially significant performance issues,” the auditors wrote.
This lack of planning isn’t entirely on the agencies. Agencies aren’t required to evaluate whether existing IT assets are fine as-is, need updating or should be retired. As far back as May 2016, GAO recommended that the Office of Management and Budget issue guidance for legacy systems but as of April, has yet to do so.