GAO this morning confirmed what anyone who has looked around the Federal government knows all too well–we are trying to embrace a 21st century digital government using antique (some would go so far as to say “fossil”) computer systems. GAO just completed a yearlong review of just how bad things truly are, and oh boy, are they bad.
GAO reports that the Federal government spends the majority of its $80 billion technology budget on maintaining and operating legacy systems—systems that are extremely vulnerable, often unprotectable from hacks and exfiltrations. And don’t even mention how much all this old stuff costs to maintain. GAO told Congress that millions of Federal dollars can be saved just through consolidating data centers throughout the country. To date, agencies have closed more than 3,000 data centers resulting in savings of $2.8 billion.
Some agencies reported 3,427 IT staff employed just to maintain legacy-programming languages, such as COBOL (1,085) and Fortran (613). This does not even include DoD or Labor because they could not estimate the number of lines of legacy code.
My favorite example from GAO is how DoD is using a 1970s-vintage IBM Series 1 mainframe to store nuclear weapons alert notifications. Sure, the system is a backup, and yes, Terry Halversen told Congress that it actually works pretty well and cannot be hacked. I guess the Chinese don’t have anyone old enough to figure out how to get access to it.
So what should agencies do to solve a problem that Federal CIO Tony Scott says is worse than the Y2K challenge?
Well, Scott said something else to Congress that sums up the situation brilliantly: “When you find yourself riding a dead horse, you should dismount.”
His idea–let’s get off the old horses by establishing an IT Modernization Fund to be used as seed corn to accelerate the agencies off of fossil computers. To ensure good money is not thrown after bad, require the agencies to make a hard and fast business case to an independent panel of experts before they get any funding. Then track their success or failure closely and with full transparency.
It’s interesting because this is not a new idea. Vivek Kundra, the previous Federal CIO, called for something very similar in his seminal 25-Point Plan for IT Modernization. And the first versions of FITARA, which was successfully voted out the Oversight Committee and cleared the floor of the House of Representatives by unanimous consent, contained a similar idea that unfortunately died when the legislation went over to the Senate.
Even Jason Chaffetz, R-Utah, chairman of the Oversight Committee and a tough guardian of agency spending, said he was “warming to the idea” of such a fund.
Good. We need the IT Modernization Fund. Going agency by agency and tin-cupping is simply not going to get the job done. How else are we going to get basic cybersecurity embedded across the Federal government?
Richard Beutel is a Principal at Cyrrus Analytics.
MeriTalk begins a series taken from a book-length work authored by a senior Federal IT official currently working in government. This is one part of an extensive, firsthand account of how IT decisions are made, the obstacles standing in the way of real change in government technology management, and what one career Federal IT employee really thinks about the way 
NASA plans to spend $731 million on major IT investments, but has not reported any of those programs as high risk. “You can’t manage these IT investments appropriately if you can’t acknowledge risk,” said Dave Powner, director of IT Management Issues at the GAO. Those with failing grades were not the only ones to receive criticism from 
IG investigators became aware of the vulnerability and the data breach during their ongoing investigation of 18F financial management. The vulnerability stemmed from 18F’s use of the Slack instant messaging system in conjunction with the OAuth 2.0 authentication and authorization process. 18F supervisors are also coming under scrutiny for delaying the 
Industry executives urged the Federal government to do more to advance the use of blockchain technology to secure online financial transactions, and to get behind nationwide adoption of cybersecurity insurance. Although bitcoin is an anonymous network, IBM Fellow Jerry Cuomo advised the commission to support what is known as permissioned blockchain, which involves the use of blockchain in networks where the users are known and trusted. “Blockchain has tremendous potential to help transform business and society, but it’s so strikingly different from what people are used to that many business and government leaders are adopting a wait-and-see attitude,” 
Dave Dimond of EMC said the challenge health care providers face has everything to do with meeting patient expectations in a world “where they want things, and they want them now.” A recent survey from Vanson Bourne found that 89 percent of health care providers say technology has already changed their patient expectations. With the health care sector moving rapidly toward value-based care–a model based on using data to improve outcomes while lowering costs–information management will be key for organizations that want to survive, Dimond said. IT is a resource that will be spread too thin without finding new ways to free up a CIO’s time to focus on the requirements of value-based care, 
At the NASCIO Mid-Year Conference in Baltimore last week, Government Technology talked to state CIOs about whether cognitive computing can help them deal with the data deluge. Wisconsin CIO David Cagigal sees a definite role for technology that learns from citizen behavior to inform services and 
FDIC experienced several data breaches over the last few years, at least seven of which were the result of employees taking sensitive information with them when moving on to new jobs. Initially, the FDIC declined to label these as major incidents, which would require immediate reporting to Congress. However, subsequent to IG investigations and news reports, it was determined all seven rose to this level and they 
The local police department has signed on to a 2015 White House initiative that calls for boosting transparency to increase trust in communities. The Menlo Park Police Department joins 52 other law enforcement agencies around the nation, including San Jose, San Francisco, Vallejo and San Leandro, participating in the 
Georgia Attorney General Sam Olens has come out in support of Federal data breach preemption as a more realistic way to ask companies to comply with regulatory requirements in the wake of a breach or data loss incident. His statement comes on the heels of California Attorney General Kamala Harris’ report that the burden on companies to comply with the patchwork of state data breach laws is too heavy, and that state laws should be harmonized to lessen that burden. Saying that “the day of benign neglect is gone,” Olens said companies that are lagging behind in putting reasonable security measures in 
Evolving requirements to greatly improve Federal protection of information technology resources will shape Federal software spending. In fact, Federal cyberprotection goals should be augmented and significantly modified, according to recent studies of the Federal market. The linkage between increased Federal investing in cybersecurity and the requirements for bolstering IT protection are portrayed in two 
There’s no question that the U.S. government has collected an incredible amount of data. Whether for things like the Census, housing, agriculture, transportation, or health care, Federal agencies have accumulated data from around the country. In the past seven years, the White House has made efforts to leverage more technology 
Microsoft surprised the world last month when it filed a lawsuit against the U.S. Department of Justice, alleging that the frequent practice of attaching gag orders to search warrants for customer data violates the U.S. Constitution.
With public-sector information-technology projects at any level of government, one does not have to look too far to find examples of waste and worse. In the wake of a series of failed projects, Hawaii is auditing its last four years of IT spending. On the local-government level, it would be hard to find a better example of what can go wrong than New York City’s CityTime payroll-system project, abandoned after its costs ballooned from $63 million to $700 million amid mismanagement 
Can other technology companies defy the government the way Apple did when asked to help U.S. investigators crack the code of iPhone 5C? Unlikely. Especially in jurisdictions where the governments may not be so benign in pursuing hidden material in electronic devices or data centers. Not EMC Corporation, the world’s largest 
Under the appendix, Federal agencies are required to subject security controls for major applications and support systems to audits at least every three years. “While some documentation of security controls is essential, these three-year assessments are not cost-effective or consistent with best-practices or other Federal policies,” the lawmakers said. Carper and Johnson requested OMB to submit its response to the Senate 
U.S. Chief Information Officer Tony Scott Tuesday hinted his office may be working to help guide Federal agencies to adopt “bimodal IT” to balance modern IT with old but necessary systems.
The senators say the lack of a new policy is preventing Federal agencies from moving to automated systems that can better protect Federal networks from cybersecurity threats. The existing Federal cybersecurity policy was created in 2000 and the threat landscape has evolved 
One of the most recent developments was the formation of a Federal Commission on Enhancing National Cybersecurity. Another was the formal introduction in Congress of the administration’s information technology investment plan, which is heavily tilted toward cybersecurity protection. The goal of the panel is to make recommend actions that can be taken over the next decade to enhance cybersecurity awareness and protections throughout government and the private sector, according to a 
Facebook has published its latest Global Government Requests Report covering the second half of 2015. The transparency report reveals that there has been a 13 percent increase in the number of government requests for data, but it also shows that Facebook is still not able to be as transparent as it might want. For the first time the social network is able to report about the number of data requests that have a non-disclosure 
Deltek estimates contractor-addressable spending on the U.S. government’s mission-critical programs will increase by $18 billion to about $682 billion in fiscal year 2017 if Congress approves the White House’s latest budget request. The report forecasts continued growth in the Federal cybersecurity, big data analytics, health care information technology and infrastructure segments despite a projected small decline in overall contractor-addressable IT spending for FY 2017. “Government demand looks particularly strong for…areas that align with the Obama administration’s focus on modernization, health care and veterans services,” said Deniece Peterson, Deltek’s director of 
The director of the FBI suggested Thursday that his agency paid at least $1.3 million to an undisclosed group to help hack into the encrypted iPhone used by an attacker in the mass shooting in San Bernardino, Calif.
Apple says these requests typically seek information about a user’s iTunes or iCloud account, and each requires a search warrant. That information could then be used to help investigators prevent planned crimes from taking place or, after the fact, assembling a criminal case against someone. Privacy advocates are alarmed by the growing number of these 
Cybersecurity is no longer the exclusive domain of corporate IT shops. In the past and in some quarters today, cybersecurity is still viewed as “some IT thing.” But the companies that take this view do so at their own peril. The specter of data breaches and denial-of service attacks are risks facing every business using 
Microsoft announced last November that the company would begin offering cloud services from the United Kingdom, with the firm saying those services would extend to government organizations. Department of Defense CIO Terry Halvorsen has evangelized for the Pentagon to be more willing to allow cloud vendors to host sensitive DOD data. He would like about 50 DOD personnel to do a stint in the private sector in the coming year, and likewise bring about 50 IT hands from 
Data collected by the Federal government should be open and accessible to public by default, according to a group of lawmakers. According to Sen. Brian Schatz, D-Hawaii, at a discussion in Washington on Thursday, agencies these days just release data using virtual documents wherein the searcher of the information is expected to do their own digging. One of the Federal agencies that will be covered by this bill will 
Microsoft wants to reveal more information on the data requests it gets from the U.S. Federal government. The company filed a lawsuit claiming the government has violated the First and Fourth Amendments by ordering Microsoft to keep thousands of data requests to the company secret. Notably and even surprisingly, 1,752 of these secrecy orders, or 68 percent of the total, contained no 
In 2010, the Obama administration’s first Federal CIO Vivek Kundra mandated that Federal agencies should try to make use of a “cloud-first” strategy instead of building more data centers. Since then, 3,125 Federal agency data centers have been closed, out of the 10,584 that existed when Kundra 
Sens. Richard Burr and Dianne Feinstein released the official version of their anti-encryption bill after a draft appeared online last week. The bill, titled the Compliance with Court Orders Act of 2016, would require tech firms to decrypt customers’ data at a court’s request. The Burr-Feinstein proposal has already faced heavy criticism from the tech and legislative communities and is not expected to get anywhere in the Senate. President Obama has also indicated that he will 
Tony Scott The White House has proposed a bill that would create a $3.1 billion revolving fund to help Federal agencies update their legacy information technology systems and bolster the government’s cybersecurity posture. He added the bill would also establish an independent board of experts to help identify agency IT systems that face the highest risk for potential cyberattacks as well as strategies to facilitate adoption of common platforms and cybersecurity best