Security

Federal IT Living in the Floppy Age, Reports GAO

Antiquated IT systems are soaking up federal technology dollars and creating risks for both bureaucrats and citizens, the Government Accountability Office reported last week.

More than 75 percent of the federal IT budget in 2015 went toward the operation and maintenance of nearly obsolete legacy systems that use outdated software languages and unsupported hardware parts.

“Such spending has increased over the past seven fiscal years, which has resulted in a (US)$7.3 billion decline from fiscal years 2010 to 2017 in development, modernization, and enhancement activities,” the GAO report notes.

Some agencies reported using systems with components that were, in some cases, 50 or more years old, according to the GAO.

In the Defense Department, for example, 8-inch floppy disks are used in a legacy system that coordinates the operational functions of U.S. nuclear forces.

Incentive to Play Safe

Although the U.S. Office of Management and Budget has launched an initiative to modernize, retire and replace federal legacy IT systems, the government in the meantime runs the risk of negative consequences due to relying on systems that have outlived their effectiveness, the GAO reported.

However, those risks may be preferable to the alternatives for the people operating those systems, noted Daniel Castro, a senior analyst with the Information Technology & Innovation Foundation.

“The process of taking an old system out of service and replacing it brings a lot of risk, and government is traditionally risk-averse,” he told the E-Commerce Times.

“As an IT manager, it’s safer to continue on with what you have. There’s no reward for taking on the risk of rebuilding a system,” Castro continued. “The way the federal government is designed, there’s nothing pushing them to modernize.”

Billions on Poor Projects

When the feds have tried to modernize their IT systems, the results often have been less than desirable, the GAO report notes.

“Federal IT investments have too frequently failed or incurred cost overruns and schedule slippages while contributing little to mission-related outcomes,” it says. “The federal government has spent billions of dollars on failed and poorly performing IT investments which often suffered from ineffective management, such as project planning, requirements definition, and program oversight and governance.”

The risk of something going terribly wrong, coupled with no upside when something goes right, removes the incentive to replace those systems, ITIF’s Castro pointed out.

It’s not just the government’s IT systems that are showing their age, he added. Their IT contracting methods also are antiquated.

“They’re using dated procurement methods for IT,” Castro said. “Instead of doing agile development and working in sprints, as they do in the private sector, they have to scope out the whole system ahead of time, send it to a contractor, and wait for it to come back — and things more times than not don’t work as expected.”

Legacy Dilemma

Legacy systems used for mission-critical tasks have a way of self-perpetuating themselves, noted Osama Malik, a principal with Booz Allen Hamilton.

Over the years, the systems are modified and documentation is lost, and typically just a handful of people remain who have the institutional knowledge of the systems in their heads.

“When they leave, you’ve got a situation where you’ve got this thing that’s not broken — it’s working, it’s doing what it needs to do — but there aren’t a lot of folks who understand how it does what it does,” Malik told the E-Commerce Times. “It gets to the point where it’s easier to spend money to keep the thing running on old technology than it is to take on the risk to change things.”

That strategy results in diminishing returns in the long run, though.

“Eventually it becomes so expensive to maintain and run it, you don’t have the budget big enough to invest in something new,” Malik explained.

Those problems shouldn’t occur in the systems that replace the legacy systems.

“With these legacy systems, everything is interconnected. If you change one thing, there’s a risk you’ll bring the whole thing down,” Malik observed. “With modern architectures, there are ways to continually evolve and inject new technologies into them without risking bringing down everything else.”

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by John P. Mello Jr.
More in Security

What's your outlook for the business climate in 2025?
Loading ... Loading ...

E-Commerce Times Channels