House panel weighs the risks of legacy IT

As experts warned of the "dire" threats posed by outdated federal technology, lawmakers grilled top feds, debated workforce issues and inched closer to backing a $3.1 billion fix-it fund.

Rep. Jason Chaffetz (R-Utah).

Rep. Jason Chaffetz (R-Utah) brandishes an 8-in. floppy disk in a hearing to make a point about antiquated IT. Photo credit: House Oversight and Government Reform Committee.

If the bid for a $3.1 billion revolving fund for IT modernization is going to get anywhere on Capitol Hill, it will likely need the support of Rep. Jason Chaffetz (R-Utah), who chairs of the powerful House Oversight and Government Reform Committee.

At a hearing on the financial costs and cybersecurity risks posed by aging legacy technology, Chaffetz allowed that his original characterization of the proposal as "hogwash" was subject to revision.

"I am warming up to the idea, but I'm not there yet," Chaffetz said.

The problem Chaffetz and others are facing: aging technology is expensive, insecure and underpins everything from tax returns to nuclear warheads.

"Federal legacy IT investments are becoming increasingly obsolete," the Government Accountability Office warned in a May 25 report, released as Chaffetz's committee held a hearing on the subject.

Many crucial federal systems are decades old and incompatible with modern security tools, creating a "dire security situation," GAO Director of IT Management Issues Dave Powner said.

And the obsolescence won't be easily reversed, lawmakers and experts alike warned.

Of some 7,000 federal IT investments, 5,233 dedicated the entirety of their budgets to operations and maintenance in fiscal year 2015, GAO found. Out of the total $80 billion the feds spent on IT in FY15, $61.2 billion was on O&M – a troubling stat to which federal CIO Tony Scott has pointed before.

"You can't continue to spend 70 percent of your $80 billion on legacy systems and retain personnel, provide information or make sure the information you have is safe and secure," Chaffetz said. "It's just not working."

The proposed revolving fund, which would disburse money for IT modernization to agencies on the condition that it be paid back, could give modernization pushes the jump-start they need to succeed, Scott argued.

Chaffetz and IT Subcommittee Chair Will Hurd (R-Texas) indicated they'd prefer agencies to fund modernization projects by realized savings in other IT work, such as through data center consolidation savings.   But Chaffetz's "warming" comment corroborated what an Office of Management and Budget staffer told FCW a day earlier:  that an "open conversation" between Chaffetz and administration officials about the IT modernization fund had taken place in recent days.  

And Scott, while not mentioning Chaffetz specifically, said at the Management of Change conference on May 24 that he was pleased by the give-and-take with legislators and their staffs about the fund.  "The folks on the Hill …. have asked really good, hard questions about how this would work," Scott said. "It’s helped us to make the proposal better. "

Drive-by leadership?

The outdated tech is hardware and software alike, and includes commercial off-the-shelf and custom products.

While a few agencies are racing to implement Windows 10, Chaffetz noted that, "Some agencies still use Windows 3.1, which came onto the market in the early 1990s, or Windows XP, which came onto the market in the early 2000s."

For some specific government investments, the agency in charge has a clear plan to replace aging technology, but in many other cases, plans are elusive.

GAO's report fingered the IRS' Individual Master File, for instance: a system that went online in the 1960s, written in "a low-level computer code that is difficult to write and maintain." The report noted that IRS "has general plans to replace" the IMF with a modern setup but "no firm date" for transition.

Agencies need replacement plans with "clear milestones," GAO's Powner said, but federal agency CIOs tend to only stick around for two years on average. It's no wonder so few tech leaders start ambitious modernization pushes that might outlast their own brief tenures, Powner said.

"Most CIOs are not tackling these large modernization projects," he noted.

Terry Milholland, the IRS' CTO, defended the transition away from the individual master file, saying that the incredibly complicated move has been ongoing for decades and that IRS is making headway.

"The principal issue there is now to convert the mainline code from assembly language to Java," he testified. "We in fact tackled the hardest, knottiest, most grittiest part of this code, which is critical for processing taxpayer returns, to convert into Java."

Milholland said the second of three phases in IRS modernization should be done in 2019 or 2020 – depending on the budget.

Defense Department CIO Terry Halvorsen echoed Milholland's concern about funding.

Lawmakers pilloried the Pentagon for using 8-inch floppy disks in its nuclear arms management system, but Halvorsen pushed back, saying the floppies are actually very reliable and, with limited money to dedicate to varied priorities, ditching the disks isn't high on his list of priorities.

And on the workforce front, Chaffetz acknowledged that government is missing out on talented tech workers due to a lack of hiring flexibilities. He said he might pursue streamlined critical pay for the IRS – which could keep the soon-to-depart Milholland on the job – but is leery of current IRS leadership and is backing the impeachment of IRS commissioner John Koskinen.

Chaffetz said he was working with Scott on other workforce solutions. Whatever the feds wind up doing to address tech personnel shortage, new federal jobs will probably be on the line.

"It's not all going to go to contractors," Chaffetz said, noting the importance of agencies maintaining visibility into and control over their IT operations.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.