A report released by the United States Government Accountability Office (GAO) on Wednesday, May 25, reveals that critical systems that manage the country’s nuclear arsenal are run on computers manufactured in the ’70s that still use floppy disk drives for their storage.
addresses the state of legacy IT systems used by US government agencies, and the necessary costs of upgrading. Besides a breakdown of some of the budget spendings on IT equipment in 2015, the report also includes a list of high-priority systems that government agencies need to address.
Old software is rampant among US government agencies
The first example of an outdated system given in the report is in the Department of Defense (DoD), where the agency still uses 8-inch floppy disks in a computer system that’s used to operate and manage the US nuclear weapons system.
Fortunately, the DoD intends to upgrade, along with another system for crisis action planning and strategic mobilization, which uses somewhat newer technology, but which still runs on outdated versions (Windows Server 2008, 2009 Oracle 11g, programmed in Java).
Another agency that plans to upgrade is the US Department of Veterans Affairs, which uses COBOL, a programming language from the ‘50s to manage a system for employee time and attendance.
Unfortunately for the DoD, there were funds only to upgrade that COBOL system, because the agency still uses the antiquated programming language to run another system that tracks claims filed by veterans for benefits, eligibility, and dates of death. This latter system won’t be updated this year.
Another serious COBOL user is the Department of Homeland Security, who employs it to track hiring operations, alongside a 2008 IBM z10 mainframe and a Web component that uses a Windows 2012 server running Java.
US agencies also use COBOL and assembly code written in the ’50s
Further, the Department of Treasury also employs low-level computer code (assembly language) developed in the ‘50s to manage the Individual Master File, a system that “is the authoritative data source for individual taxpayer accounts where accounts are updated, taxes are assessed, and refunds are generated during the tax filing period.”
Some other example of an antiquated system used by US agencies that exposes them to cyber-attacks is an IT system that allows the Department of Transportation to maintain comprehensive information on hazardous materials incidents, also set for an upgrade by 2018. This system was coded using the now defunct Classic ASP language.
Besides the risks of exposing critical US IT systems to cyber-attacks by using outdated technologies, the US is facing huge maintenance costs as well.
These old systems need more work than modern technologies, custom hardware, and special personnel that has the know-how to interact, fix, or patch such systems when needed.
Below is a photo included in the GOA report that depicts two types of floppy disks still used by the US DoD.