Both of the Treasury’s systems on the list run on COBOL and Assembly Language Code, which a dwindling number of people are proficient in. Image: honglouwawa/Shutterstock.com
By: FEDweek StaffThe GAO has sounded the latest of a series of alarms about security vulnerabilities in legacy agency IT systems, saying that the 11 most in need of modernization “are essential to government operations such as health care, critical infrastructure, tax processing, and national security.”
“Eight of the 11 systems use outdated languages, four have unsupported hardware or software, and seven are operating with known cybersecurity vulnerabilities,” a report said.
For example, both of the Treasury’s systems on the list run on Common Business Oriented Language (COBOL) and Assembly Language Code—”programming languages that have a dwindling number of people available with the skills needed to support them. In addition, the Environmental Protection Agency’s system contains obsolete hardware that is not supported by manufacturers and has known cybersecurity vulnerabilities that cannot be remediated without modernization.”
Agencies have completed modernization of only three of the 10 systems on a similar list the GAO compiled in 2019, it said. Of the rest, under current plans two more won’t be completed for at least five years and there is no planned completion date for another.
GAO produced the latest list using standards such as age, vendor support, use of legacy programming languages, degree of cybersecurity risk, and operating costs. It said that of the 11, agencies have plans to address nine, but six of those did not include all key elements of such a plan—even though several of them already are underway. There is no plan for the other two, at Defense and Energy, it said.
“Until agencies fully document modernization plans for critical legacy IT systems, their modernization initiatives will have an increased likelihood of cost overruns, schedule delays, and overall project failure. Project failure would be particularly detrimental not only because of wasted resources, but also because it would prolong the lifespan of increasingly vulnerable and obsolete systems,” it said.
The report added: “GAO recommended nearly a decade ago, and has since made it a priority recommendation, that OMB direct agencies to identify legacy systems and/or investments needing to be modernized. OMB has not yet taken action. Given OMB’s lack of action, Congress requiring federal agencies to develop modernization plans for critical legacy systems can expedite agencies’ efforts.”
Key Bills Advancing, but No Path to Avoid Shutdown Apparent
TSP Adds Detail to Upcoming Roth Conversion Feature
White House to Issue Rules on RIF, Disciplinary Policy Changes
DoD Announces Civilian Volunteer Detail in Support of Immigration Enforcement
See also,
How Do Age and Years of Service Impact My Federal Retirement
The Best Ages for Federal Employees to Retire
How to Challenge a Federal Reduction in Force (RIF) in 2025
Should I be Shooting for a $1M TSP Balance? Depends…
FERS Retirement Guide 2025 – Your Roadmap to Maximizing Federal Retirement Benefits
