There were a lot of fun facts from this week’s House hearing on legacy IT in the federal government. Among the best were:
• The federal government spent more than 75 percent of its IT budget for fiscal 2015 on operations and maintenance (O&M) of legacy equipment.
• Some agencies still are running systems using COBOL—the Common Business Oriented Language developed in the late 1950s and early 1960s.
• The Treasury Department still is using a couple of systems that are 56 years old—that is 1960, the Eisenhower administration. Leave it to Beaver was still on the air and the Beatles were playing in Hamburg with Stu Sutcliffe.
And probably the best bit:
• The Defense Department is still using 8-inch floppy disks in a legacy system that coordinates the operational functions of the United States’ nuclear forces.
While these nuggets are interesting, and garnered a lot of shocked headlines, there was more smoke than fire at the House Oversight and Government Reform Committee hearing.
The meat of hearing was from the Government Accountability Office, which reported that of more than $80 billion spent on federal IT in fiscal 2015, about $61 billion, or 76 percent, was spent on maintaining legacy equipment and software. In fiscal 2010, the amount spent on O&M was 68 percent, and it is expected to grow to 77 percent in fiscal 2017. In the same time, the amount of money spent on IT development, modernization and enhancement has declined by $7.3 billion.
But before getting too concerned, consider a few more facts in the report. GAO defined legacy as “existing IT systems.” That makes anything already in use legacy, and not necessarily outdated or obsolete. It comes as no surprise that maintaining existing IT systems takes the lion’s share of the IT budget. GAO said that “the O&M phase is often the longest phase of an investment and can consume more than 80 percent of the total lifecycle costs.” So if O&M spending currently is running at 76 percent, that’s a little less than we might expect.
There are some legitimate reasons for concern. “Legacy IT investments across the federal government are becoming increasingly obsolete,” GAO found. And, “many IT O&M investments . . . were identified as moderate to high risk by agency CIOs.” GAO now lists management of IT acquisitions as a high risk government activity, and said that “the federal government has spent billions of dollars on failed and poorly performing IT investments which often suffered from ineffective management, such as project planning, requirements definition, and program oversight and governance.”
But even here, agencies don’t seem to be doing as badly as this suggests. The GAO said CIOs from 12 selected agencies reported that only 23 of their 187 major IT O&M investments were “moderate to high risk” as of August 2015. That is only 12 percent, and of those only four were rated high risk—two of which were subsequently reduced to moderate.
No one suggests that the feds shouldn’t do a better job of managing their IT acquisitions. And it is likely that a 1960 computer probably should be upgraded and 8-inch floppies might not be the best format for managing nuclear forces. There is a lot of work to be done in adequately maintaining and updating federal systems. But these are outliers and are not representative of government IT as a whole.
“Aging systems have risk,” Defense CIO Terry Halvorsen told the committee. But so does modernization. And “highlighting the oldest systems in our inventory does not represent the DOD technology portfolio as a whole.”
“Not everything old needs to be replaced,” Halvorsen said. Speaking as someone who remembers the original Isley Brothers, I heartily agree.