The Government Accountability Office (GAO) identified 10 agency legacy systems in most critical need of modernization in a June 11 report.
After reviewing 65 legacy systems that 24 agencies identified as “in need of modernization,” GAO analyzed 10 in highest need based on age, criticality, and risk. Among the 10 GAO selected, several use outdated coding languages, have unsupported software and hardware, and operate with known security vulnerabilities. These 10 systems were found in the following agencies:
- Department of Defense (DoD);
- Department of Education;
- Department of Health and Human Services (HHS);
- Department of Homeland Security (DHS);
- Department of the Interior (DoI);
- Department of the Treasury;
- Department of Transportation (DoT);
- Office of Personnel Management;
- Small Business Administration; and
- Social Security Administration.
The systems within these agencies range from eight to 51 years in age and cost approximately $337 million to operate and maintain each year, and GAO found significant issues concerning these agencies’ legacy systems.
The Department of Education’s legacy system, for instance, runs on Common Business Oriented Language, “a programming language that has a dwindled number of people with the skills needed to support it,” and DoI’s system has obsolete software that its manufacturer no longer supports. DHS’s legacy system also has many reported cybersecurity vulnerabilities – 168 of which GAO said were considered high or critical risks to DHS’s network as of September 2018.
Of the 10 agencies, seven had documented plans for modernizing their systems. Department of Education, HHS, and DoT did not have documented plans, and of the seven, only DoI and DoD’s modernization plans included key elements GAO considered best practices, such as milestones, descriptions of work needed to completely modernize, and a plan to depose of the legacy system.
“Until the other eight agencies establish complete modernization plans, they will have an increased risk of cost overruns, schedule delays, and project failure,” GAO said.
GAO issued eight recommendations to the eight respective agencies to identify and document modernization plans for their legacy systems. All eight agencies agreed with GAO’s findings and recommendations, and seven agencies described plans to address the recommendations.