This morning GAO confirmed what anyone who has looked around the federal government knows all too well: we are trying to embrace a 21st Century digital government using antique (some would go so far as to say “Fossil”) computer systems. GAO just completed a yearlong review of just how bad things truly are, and oh boy, are they bad.
GAO reports that the federal government spends the majority of its $80 billion technology budget on maintaining and operating legacy systems—systems that are extremely vulnerable, often unprotected from hacks and exfiltration. And don’t even mention how much all this old stuff costs to maintain. GAO told Congress that millions of federal dollars can be saved just through consolidating data centers throughout the country. To date, agencies have closed over 3,000 data centers resulting in savings of $2.8 billion.
Some agencies reported 3,427 IT staff employed just to maintain legacy programming languages, such as COBOL (1,085) and Fortran (613). This does not even include DOD or Labor because they could not estimate the number of lines of legacy code.
My favorite example from GAO is how DOD is using a 50-year-old 1970s vintage IBM Series 1 mainframe to store nuclear weapons alert notifications. Sure, the system is a backup, and yes, Terry Halvorsen told Congress that it actually works pretty well and cannot be hacked. I guess the Chinese don’t have anyone old enough to figure out how to get access to it.
So what should agencies do to solve a problem that federal CIO Tony Scott says is worse than the Y2K challenge?
Well, Scott said something else to Congress that sums up the situation brilliantly: “When you find yourself riding a dead horse, you should dismount.”
His idea: let’s get off the old horses by establishing an IT Modernization Fund to be used as seed corn to accelerate the agencies off of fossil computers. To ensure good money is not thrown after bad, require the agencies to make a hard and fast business case to an independent panel of experts before they get any funding. Then track their success or failure closely and with full transparency.
It’s interesting because this is not a new idea. Vivek Kundra, the previous federal CIO, called for something very similar in his seminal 25 Point Plan for IT Modernization. And the first versions of FITARA, which was successfully voted out of the Oversight Committee and cleared the floor of the House of Representatives by unanimous consent, contained a similar idea that unfortunately died when the legislation went over to the Senate.
Even Chairman Jason Chaffetz, Chairman of the Oversight Committee and a tough guardian of agency spending, said he was “warming to the idea” of such a fund.
Good. We need the IT Modernization Fund. Going agency by agency and tin-cupping is simply not going to get the job done. How else are we going to get basic cyber security embedded across the federal government?