Agencies Need to Continue Addressing Critical Legacy Systems

Source: Information Technology: Agencies Need to Continue Addressing Critical Legacy Systems - U.S. GAO. https://www.gao.gov/products/gao-23-106821 - Statement of Kevin Walsh, Director, Information Technology and Cybersecurity before the Subcommittee on Cybersecurity, Information Technology, and Government Innovation, Committee on Oversight and Accountability, House of Representatives

The United States federal government remains one of the largest IT spenders in the world, investing over $100 billion annually in information technology (IT) and cyber-related initiatives. However, a significant portion of this budget—approximately 80%—is allocated to maintaining and operating existing IT systems, including outdated legacy infrastructure. In 2023, the Government Accountability Office (GAO) released a comprehensive report that highlighted the critical state of federal IT, shedding light on aging systems, security vulnerabilities, modernization efforts, and the potential benefits of strategic IT transformation.

This report must serve as a wake-up call for government agencies and stakeholders, underscoring the urgency of modernizing legacy systems to enhance efficiency, security, and cost-effectiveness.

In this blog, we will explore the key findings from the GAO report, analyze the risks associated with legacy systems, examine the progress of modernization efforts, and discuss the potential benefits of IT transformation across federal agencies.

The federal government dedicates an immense budget to IT and cybersecurity-related expenditures each year, yet most of this investment supports aging systems' ongoing operations and maintenance (O&M). With nearly 80% of federal IT spending focused on sustaining legacy systems, only a fraction is directed toward innovation and modernization. This imbalance highlights a significant challenge: while new technological advancements could drive efficiency and security, a disproportionate focus on O&M is hindering progress.

Legacy systems, some of which have been operational for decades, require substantial resources to keep them running. These outdated systems are often built on obsolete programming languages, rely on unsupported hardware, and demand specialized (and aging) resources to maintain. As a result, maintaining the status quo becomes increasingly expensive and inefficient, ultimately diverting funds away from transformative digital initiatives.

The GAO report identified 10 critical legacy systems across federal agencies that are in dire need of modernization. These systems range in age from 8 to 51 years, or older, and collectively cost approximately $337 million annually to operate and maintain. Some of the most outdated and critical systems include those used by the Internal Revenue Service (IRS), the Department of Transportation, and the Office of Personnel Management (OPM).

For instance, the IRS still relies on applications that are over 60 years old and written in antiquated programming languages such as COBOL and Assembler. These legacy systems create significant security risks, slow down operations, and make it challenging to implement new policy changes efficiently. Moreover, many of these systems are so outdated that they require specialized personnel with decades-old programming knowledge—an increasingly scarce skill set in the modern IT workforce.

The Department of Transportation and OPM also operate legacy systems that face similar challenges. Their infrastructure poses operational inefficiencies, cybersecurity vulnerabilities, and difficulties integrating modern digital services. These examples underscore the widespread issue of technical debt within federal agencies, where outdated infrastructure hampers agility, innovation, and security.

One of the most pressing concerns highlighted in the GAO report is the security risks associated with aging IT infrastructure. Legacy systems often lack modern cybersecurity features, leaving them vulnerable to cyberattacks, data breaches, and compliance failures. As cyber threats evolve, outdated federal systems become prime targets for malicious actors, potentially jeopardizing sensitive government data and national security.

Beyond security concerns, legacy systems also contribute to inflated operational costs. Maintaining outdated software and hardware often requires custom patches, extensive manual interventions, and expensive contract personnel with specialized skills. As a result, agencies are forced to allocate a growing portion of their IT budgets toward sustaining aging infrastructure rather than investing in more secure, efficient, and scalable solutions.

Another significant challenge lies in workforce constraints. The IT professionals who originally developed and maintained these legacy systems are reaching (or have reached) retirement age, and there is a shrinking talent pool with expertise in obsolete programming languages such as COBOL and Assembler.

Recruiting and training new personnel to manage these outdated systems is costly and unsustainable in the long run. Without a clear modernization strategy, agencies risk losing critical institutional knowledge and encountering severe operational disruptions.

Recognizing the urgency of IT modernization, the GAO report indicates that as of May 2023, six out of eight federal agencies have developed comprehensive modernization plans. These plans outline strategies to replace aging systems with more secure, efficient, and cloud-based solutions. However, despite progress, the Department of Transportation and the Office of Personnel Management have yet to fully implement their modernization plans, leaving critical gaps in federal IT reform.

Several agencies have taken proactive steps to modernize their infrastructure. For example, the Department of Housing and Urban Development (HUD) has been working on replacing its COBOL-based applications with modern cloud solutions. The projected savings from this modernization effort are estimated to be around $8 million annually. Similar initiatives in other agencies could yield significant cost reductions, operational efficiencies, and enhanced security measures.

While these efforts are commendable, challenges remain in securing consistent funding, aligning modernization initiatives with agency missions, and ensuring seamless transitions from legacy systems. IT modernization is a complex, multi-year process that requires strong leadership, cross-agency collaboration, and dedicated resources to ensure long-term success.

Modernizing legacy federal IT systems presents significant opportunities for cost savings, enhanced security, and improved operational efficiency. By replacing outdated systems with modern, cloud-based solutions, agencies can reduce maintenance costs, streamline workflows, and strengthen cybersecurity measures.

Cost savings are one of the most immediate benefits of IT modernization. The shift from legacy infrastructure to cloud-based platforms eliminates the need for expensive hardware maintenance, reduces energy consumption, and optimizes IT resource allocation. Agencies can reallocate saved funds toward innovation-driven projects, improving citizen services and operational effectiveness.

Enhanced security is another critical advantage of modernization. Upgrading to modern IT environments ensures that agencies benefit from the latest security protocols, threat detection systems, and automated compliance measures. Given the growing sophistication of cyber threats, investing in secure, resilient IT infrastructure is essential for protecting sensitive government data.

Furthermore, IT modernization enhances efficiency by enabling faster data processing, better system interoperability, and improved service delivery. Agencies can leverage emerging technologies such as artificial intelligence (AI), machine learning, and automation to optimize operations and make data-driven decisions. This improves the speed and accuracy of government services and enhances the overall user experience for citizens and stakeholders.

Modernizing federal IT infrastructure is no longer an option but a critical mission. With over $100 billion allocated annually to IT spending, the continued reliance on outdated legacy systems presents significant operational inefficiencies, security vulnerabilities, and escalating costs. To maximize the value of these investments, agencies must shift their focus from maintaining aging systems to implementing modern, scalable, and secure solutions.

While some progress has been made, persistent challenges—including funding constraints, workforce shortages, and complex technology transitions—continue to slow the pace of modernization. However, agencies that have successfully transitioned from legacy systems, such as the Department of Housing and Urban Development (HUD), highlight the clear benefits of IT transformation. These efforts demonstrate that modernizing core systems can reduce operational costs, improve cybersecurity, and enhance service delivery.

To advance modernization efforts, agencies must adopt a structured, long-term approach. This includes leveraging cloud computing, integrating automation, and strengthening cybersecurity frameworks to build more resilient IT environments. Cross-agency collaboration and public-private partnerships will also be crucial in accelerating modernization initiatives, ensuring that agencies can access the latest technologies and best practices.

A key component of this transformation is the adoption of AI-powered migration technologies that can automate and streamline the modernization process. Traditional legacy system modernization often involves extensive manual coding, system rewrites, and high-risk transitions, leading to costly delays and potential data integrity issues. AI-driven migration tools, however, can analyze existing legacy code, automatically convert it into modern programming languages, and optimize system architecture without requiring a complete system overhaul. These technologies accelerate the transition from outdated mainframes to modern cloud-based infrastructures, significantly reducing operational downtime and minimizing the risk of data loss or system (or project) failure.

Federal agencies that embrace AI-driven migration technologies will not only expedite their IT transformation initiatives but also establish a more secure, scalable, and cost-efficient digital infrastructure capable of supporting future government operations.

The need for modernization extends beyond IT departments—it is a fundamental requirement for maintaining operational effectiveness, securing sensitive government data, and delivering seamless services to citizens. Agencies must take decisive action to overcome existing barriers and implement strategies that ensure their IT infrastructure is equipped for the evolving demands of a digital-first government. By embracing innovative modernization approaches, the federal government can build a more agile, secure, and cost-effective technology ecosystem for the future.