Both of the Treasury’s systems on the list run on COBOL and Assembly Language Code, which a dwindling number of people are proficient in. Image: honglouwawa/Shutterstock.com
The GAO has sounded the latest of a series of alarms about security vulnerabilities in legacy agency IT systems, saying that the 11 most in need of modernization “are essential to government operations such as health care, critical infrastructure, tax processing, and national security.”
“Eight of the 11 systems use outdated languages, four have unsupported hardware or software, and seven are operating with known cybersecurity vulnerabilities,” a report said.
For example, both of the Treasury’s systems on the list run on Common Business Oriented Language (COBOL) and Assembly Language Code—”programming languages that have a dwindling number of people available with the skills needed to support them. In addition, the Environmental Protection Agency’s system contains obsolete hardware that is not supported by manufacturers and has known cybersecurity vulnerabilities that cannot be remediated without modernization.”
Agencies have completed modernization of only three of the 10 systems on a similar list the GAO compiled in 2019, it said. Of the rest, under current plans two more won’t be completed for at least five years and there is no planned completion date for another.
GAO produced the latest list using standards such as age, vendor support, use of legacy programming languages, degree of cybersecurity risk, and operating costs. It said that of the 11, agencies have plans to address nine, but six of those did not include all key elements of such a plan—even though several of them already are underway. There is no plan for the other two, at Defense and Energy, it said.
“Until agencies fully document modernization plans for critical legacy IT systems, their modernization initiatives will have an increased likelihood of cost overruns, schedule delays, and overall project failure. Project failure would be particularly detrimental not only because of wasted resources, but also because it would prolong the lifespan of increasingly vulnerable and obsolete systems,” it said.
The report added: “GAO recommended nearly a decade ago, and has since made it a priority recommendation, that OMB direct agencies to identify legacy systems and/or investments needing to be modernized. OMB has not yet taken action. Given OMB’s lack of action, Congress requiring federal agencies to develop modernization plans for critical legacy systems can expedite agencies’ efforts.”
Order Formally Launches ‘Schedule Policy/Career,’ Adds Category of Appointees
OPM Revives Director’s Blog; First Message: Don’t Take RIFs Personally
OPM: Impact of RIFs Could Be Much Larger than Commonly Used Numbers. Or Maybe Less.
Agencies Should Weigh Impact on Employees of Return to Worksite, Says Report
See also,
A Pre-RIF Checklist for Every Federal Employee, From a Federal Employment Attorney
Work Longer or Take the FERS Supplement Now: Which is Better?
Doubling Your TSP (C Fund vs G Fund)
How to Estimate a FERS Special Retirement Supplement (calculator!)