A government report has found that 75% of the total US IT budget last fiscal year was spent on operating and maintaining existing systems, which in some cases were at least 50 years old. Some of those aging systems that handle crucial functions, including those of the nation's nuclear forces, use outdated tech such as 8-inch floppy disks, Windows Server 2003, and the decades-old programming language COBOL.
The Government Accountability Office released the report Wednesday, noting that of the more than $80 billion spent on federal IT in fiscal year 2015, roughly $61 billion went to maintaining and operating existing systems. Over the seven fiscal years from 2010 to 2017, IT spending on modernization, development, and enhancements has fallen by $7.3 billion.
The GAO issued the report because President Obama's fiscal year 2017 budget is requesting more than $89 billion be spent on IT, with a large portion of it targeted toward operating and maintaining existing IT systems. The GAO reiterated the need for federal agencies to effectively manage IT operations and maintenance investments.
In the report, Rep. Jason Chaffetz, chairman of the House Oversight and Government Reform Committee, stated:
Legacy IT investments across the federal government are becoming increasingly obsolete. Specifically, many use outdated languages and old parts. Numerous old investments are using obsolete programming languages. Several agencies, such as the Department of Agriculture (USDA), DHS, HHS, Justice, Treasury, and VA, reported using Common Business Oriented Language (COBOL) -- a programming language developed in the late 1950s and early 1960s -- to program their legacy systems. It is widely known that agencies need to move to more modern, maintainable languages, as appropriate and feasible. For example, the Gartner Group, a leading IT research and advisory company, has reported that organizations using COBOL should consider replacing the language and in 2010 noted that there should be a shift in focus to using more modern languages for new products.
In addition, some legacy systems may use parts that are obsolete and more difficult to find. For instance, Defense is still using 8-inch floppy disks in a legacy system that coordinates the operational functions of the United States' nuclear forces.
Further, in some cases, the vendors no longer provide support for hardware or software, creating security vulnerabilities and additional costs. For example, each of the 12 selected agencies reported using unsupported operating systems and components in their fiscal year 2014 reports pursuant to the Federal Information Security Management Act of 2002. Commerce, Defense, Treasury, HHS, and VA reported using 1980s and 1990s Microsoft operating systems that stopped being supported by the vendor more than a decade ago.
Although the Office of Management and Budget (OMB), which is run out of the White House, has drafted an initiative that calls for federal agencies to analyze and review how they spend their money to maintain and operate systems, the draft has not been finalized and turned into a policy.
Over the past 30 years, Congress has passed several laws to aid federal agencies and the government in managing its technology investments. In 1996, Congress enacted the Clinger-Cohen Act, which is a combination of the Information Technology Management Reform Act (ITMRA) and the Federal Acquisition Reform Act. That was followed with IT acquisition reform legislation, or the Federal Information Technology Acquisition Reform Act (FITARA), in December 2014.
In February 2015, the GAO introduced a new government-wide high-risk area initiative called Improving the Management of IT Acquisitions and Operations. The GAO identified actions that the OMB and federal agencies needed to take, such as implementing reforms in the ways IT acquisitions are handled.
The GAO noted that of the roughly 800 recommendations it has made to the OMB and multiple federal agencies over the last six years to improve their investments in IT, only 32% had been taken up as of October 2015.
Among its recommendations, the GAO said the OMB should finalize a draft that identifies and prioritizes legacy IT that needs to be modernized or replaced. The GAO is also recommending that selected agencies address obsolete legacy IT operations and maintenance investments.
Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ...