Legacy systems still power much of government

Cobol code

COBOL, a programming language first developed in 1959, still runs on many federal government systems. (Stock image)

Federal agencies spend about 70 percent of their IT budgets on legacy systems and 30 percent on developing new systems, according to a Government Accountability Office report released in November.

Let those numbers sink in: In fiscal 2011, 26 agencies spent $79 billion on IT, and $54 billion of it went to existing systems, leaving just $25 billion to develop new applications and technology.

Bob Woods, president of Topside Consulting Group and former commissioner of the General Services Administration’s Federal Technology Service, likens agencies’ current IT spending to an iceberg: The operations and maintenance (O&M) chunk is the bottom of the iceberg, hidden below the water, and the money spent on development is the part of the iceberg above the surface.

“That iceberg is sinking,” Woods said. “The O&M percentage is increasing, and agencies have been struggling with this. They need money to invest and do development right, and they need to do it right to preserve applications and mission support. But in many cases, they don’t have it, and they keep feeding O&M systems that are sucking up their money.”

Many federal systems still run Common Business-Oriented Language (COBOL), a programming language first developed in 1959, according to officials at several agencies.

Most officials involved in federal IT admit that legacy systems are a major challenge. GSA CIO Casey Coleman recently told an Association for Federal Information Resources Management audience that legacy systems were “really our challenge,” and Department of Homeland Security CIO Richard Spires told the same group that “a significant amount of legacy brings a significant amount of solutions with it," asking: "How do we migrate from that state to a better state?" But solutions aren’t always easy to implement, Woods said.

Agencies sometimes avoid virtualizing servers out of fear of losing ownership of older applications, and they continue financially supporting some older systems — like those running COBOL — because they don’t want to get rid of systems that have a history of reliability.

“Sometimes you have to kill systems that are obsolete, and that can be hard to do,” Woods said. “These systems have functionality of some sort, and someone thinks they have to have it. But you could either move that functional service to somewhere else or you could find a simpler commercial package that can be customized for an agency.”

But agencies first need to take a closer look at what they have and what they’re using it for. “A lot of this requires a re-engineering of the business process,” Woods said. “You get services from different sources. Sometimes you kill something and keep its functional parts, but it requires action. It requires someone to go in and take a look at the business processes at work here. There are lots of options, but lots of times IT shops are reluctant to get into the rough business process. But you know, business people are always smart about what’s available in IT.”

In other words, following the same old approach in IT spending won’t work, Woods said, and he’s not the only IT expert making that argument.

“These are tough financial times, and what tends to happen is we hunker down on that which we know,” said Dave Wennergren, the Defense Department’s assistant deputy chief management officer, speaking at a FedInsider Executive Leadership Forum Nov. 27.

“What’s easier: the new idea or the idea we know well?” Wennergren asked. “We need strategies that allow us to turn the status quo on its head.”

A good start would be for agencies to begin fully following existing investment oversight policies. GAO’s recent report shows that many agencies fail to annually assess the performance of their investments in legacy IT systems, or so-called steady-state investments.

GAO focused on five big-spending departments — DOD, DHS, Health and Human Services, Treasury, and Veterans Affairs — and found more than $3 billion in steady-state investments in fiscal 2011 that had not undergone the required operational analyses.

Furthermore, the report states that DOD, VA and Treasury did not have a policy in place or perform analyses on 23 major steady-state investments totaling $2.1 billion.

“We didn’t see a single operational analysis done,” said David Powner, director of IT management issues at GAO. “It was kind of big news there. If that much money is going toward O&M, we want to make sure it is continuing to meet mission needs.”

Officials from VA and DOD responded in the GAO report that operational analyses were not always necessary because the departments already develop plans and business cases called Exhibit 300s.

But GAO said those reports don’t highlight important metrics such as how a steady-state investment is performing, and auditors recommended that agencies report the results of operational analyses on the IT Dashboard.

“It should be great transparency,” Powner said. “If we do these operational analyses, maybe we can move some money from that 70 percent bucket into that 30 percent bucket, and spend more money on modernizing the government and less on keeping old systems going.”

About the Author

Frank Konkel is a former staff writer for FCW.

Cyber. Covered.

Government Cyber Insider tracks the technologies, policies, threats and emerging solutions that shape the cybersecurity landscape.


Reader comments

Wed, Dec 19, 2012

Bottom Line: Even with Agile S/W development, the system must be documented and developers must be accountable for those "documented" requirements. Say what you do. do what you say, prove it, and improve it..........

Tue, Dec 11, 2012 Erich Darr

In case you hadn't noticed, the services have been rushing head 1st into having contractors develop ERP systems to replace legacy systems. Some of these ERPs are so poorly designed that they don't work at all and aren't implemented and others that are implemented, while more modern (read GUI), don't have all of the functionality of the legacy systems they replace resulting in significant manual effort to replace key functionality. You can't expect a contractor to come in cold and replace complex systems. In a rush to fee for service in the mid-90s the "customers" often decided not to pay for documentation of changes leaving systems largely undocumented. The ERP efforts don't allow time for the reverse engineering necessary to glean the functionality of legacy systems. You can't replace a legacy system that took over 5 years to design, program, test and implement by knowledgable Civil Servants in just 2 or so years with an ERP developed by smart outsiders. In the rush with Rapid Application Development the up front systems analysis is often fatally inadequate.

Tue, Dec 11, 2012 Peter G. Tuttle, CPCM

Re virtualization - the perceived (or actual) loss of data control, the potential for workforce reductions due to efficiencies that are created, and the uncertainty surrounding change, also make any bold move towards efficiency gains very difficult for our Federal leaders.

Tue, Dec 11, 2012

For more than 20 years my agency has been discussing tracking cost, managing capital assets and depreciation without actually integrating them into decision making, (mostly perfunctory). However there is no motivation for change since the individuals making the decisions are either incapable, (for a plethora of reasons), or adversely effected. This behavior is made possible by a system which does not require budge formulation and program management based on such metrics—there is never a culling of the weak. The system always punishes the innocent and rewards the guilty.

Tue, Dec 11, 2012 Helen Withington Micro Focus

Very thought-provoking article, Frank. The crucial element in any successful organization is efficiency. Many find it tough enough just to “keep the lights on”, let alone spend time on innovation or strategic IT projects. Keeping core systems updated will cut down IT debt (the cost of clearing the backlog of maintenance to bring the corporate applications portfolio up to date), so that agencies can put more time and money on embracing innovation. So-called “legacy” or “core” systems are what make organizations run like clock-work. If it works well, why replace it? Agencies that exploit what already works in their existing applications across the platforms that are best for their organizations (be it mobile, cloud, Windows, Linux or Unix), will stay ahead of the game. It means development teams can focus on new inventive capabilities and user enhancements, aligning to the business strategy, rather than core business design and development. The result? Lower cost and risk, with faster time to market.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group