Skip to main content
Press Release Published: May 10, 2023

Hearing Wrap Up: Identifying and Modernizing Aging Federal IT Infrastructure is Crucial to Protecting Cyber Security

Share via Email

WASHINGTON—Today, the Cybersecurity, Information Technology, and Government Innovation Subcommittee held a hearing titled “Risky Business: Costly Inaction on Federal Legacy IT.”  At the hearing, members examined how legacy federal IT systems create security and operational risks and are costly to maintain over time. Subcommittee members asked witnesses about risks to cybersecurity, how the process of identifying outdated systems can be improved, and how Congress can refocus the Technology Modernization Fund (TMF) toward improving, retiring, or replacing existing federal legacy IT systems.

Key Takeaways:

Aging federal information technology (IT), which is increasingly vulnerable to malicious hackers, needs to be replaced. These systems typically function poorly and are costly to operate.

  • Suzette Kent, Chief Executive Officer of Kent Advisory Services, gave examples of the dangers of aging IT systems in her opening testimony.“Reminders of the dangers of archaic IT infrastructure are evident every day in both the public and private sector. Data stolen, travel disrupted, power grids compromised, people in businesses deprived of services, lives threatened, and our homeland security impugned. These dangers are like ticking time bombs becoming more severe as the use of AI and the attacks on encrypted data become more sophisticated.”

The Technology Modernization Fund (TMF) is a funding vehicle, authorized in 2017, to help agencies address this issue, but the projects TMF has funded don’t typically align with that goal.

  • “Despite congressional and executive branch directives, despite creation of new funding vehicles and the ever-present pressure of mission needs, some agencies have still struggled to make significant progress tackling that technical debt,” warned Suzette Kent during her opening testimony.

Congress can find solutions to address the federal IT legacy problem and refocus TMF on its original mission.

  • Kevin Walsh, Director of Information Technology and Cybersecurity at the U.S. Government Accountability Office said, “Agencies should identify their legacy systems and prioritize them to determine what we should keep or modernize, replace, or retire.”

Member Highlights:

Subcommittee Chairwoman Mace (R-S.C.) asked the witnesses how aging federal IT could be identified and how we can improve current identification processes.

Walsh: “Identifying something as legacy requires being familiar with what it’s doing and not doing well. In a lot of cases, we are not doing a good enough job evaluating our own systems and figuring out what’s working and what’s not.”

Subcommittee Chairwoman Mace also asked whether aging federal IT infrastructure poses a risk to cyber-attacks and malicious actors.

Walsh: “As our systems get older, they get more vulnerable, easier to hack, certainly less secure, harder to maintain.”

Rep. William Timmons (R-S.C.) noted that the government needs to be held to account related to data protection and aging technology, just as private industries are.

Walsh agreed: “One would hope that people would be held accountable through hearing such as this today, but I would not want to speculate.”

Rep. Eric Burlison (R-Mo.) inquired about the extent to which agencies manage their own IT systems and what challenges agencies face in developing modernization plans.

Walsh: “Each agency, yes, in the majority of cases, has its own IT department. In addition, agencies that have components or bureaus may also have their own bureaus or departments.”

Rep. Nick Langworthy (R-N.Y.) asked the witnesses about solutions Congress can propose to address legacy IT problems.

Walsh: “To address the legacy IT problem, first we need to figure out where it is. Every agency needs to have a good understanding of what their systems should be doing, evaluate them, see if they meet the mark, and if they don’t maybe it’s time to think about their retirement or a replacement.”

Kent: “A plan that continues to look forward and take advantage of modern technology capabilities that gives you scale and resilience should be a path that not only we are on in federal agencies, but our state and local government partners that deliver those services.”

CLICK HERE to watch the hearing.

READ MORE: Mace: Aging Federal IT Systems are Vulnerable to Cyberattacks