On May 10, the Cybersecurity, Information Technology, and Government Innovation Subcommittee held a hearing titled “Risky Business: Costly Inaction on Federal Legacy IT.”  At the hearing, members examined how legacy federal IT systems create security and operational risks and are costly to maintain over time. Subcommittee members asked witnesses about risks to cybersecurity, how the process of identifying outdated systems can be improved, and how Congress can refocus the Technology Modernization Fund (TMF) toward improving, retiring, or replacing existing federal legacy IT systems.

Key Takeaways:

Aging federal information technology (IT), which is increasingly vulnerable to malicious hackers, needs to be replaced. These systems typically function poorly and are costly to operate.

• Suzette Kent, Chief Executive Officer of Kent Advisory Services, gave examples of the dangers of aging IT systems in her opening testimony.“Reminders of the dangers of archaic IT infrastructure are evident every day in both the public and private sector. Data stolen, travel disrupted, power grids compromised, people in businesses deprived of services, lives threatened, and our homeland security impugned. These dangers are like ticking time bombs becoming more severe as the use of AI and the attacks on encrypted data become more sophisticated.”

The Technology Modernization Fund (TMF) is a funding vehicle, authorized in 2017, to help agencies address this issue, but the projects TMF has funded don’t typically align with that goal.

• “Despite congressional and executive branch directives, despite creation of new funding vehicles and the ever-present pressure of mission needs, some agencies have still struggled to make significant progress tackling that technical debt,” warned Suzette Kent during her opening testimony.

Congress can find solutions to address the federal IT legacy problem and refocus TMF on its original mission.

• Kevin Walsh, Director of Information Technology and Cybersecurity at the U.S. Government Accountability Office said, “Agencies should identify their legacy systems and prioritize them to determine what we should keep or modernize, replace, or retire.”

Member Highlights:

Subcommittee Chairwoman Mace (R-S.C.) asked the witnesses how aging federal IT could be identified and how we can improve current identification processes.

Original source can be found here.