Mace: Aging Federal IT Systems are Vulnerable to Cyberattacks
WASHINGTON—Cybersecurity, Information Technology, and Government Innovation Subcommittee Chairwoman Nancy Mace (R-S.C.) opened today’s subcommittee hearing on “Risky Business: Costly Inaction on Federal Legacy IT” by highlighting how aging and outdated information technology systems used by the federal government pose major national security risks.
Below are Subcommittee Chairwoman Mace’s remarks as prepared for delivery.
Good afternoon, and welcome to this hearing of the Subcommittee on Cybersecurity, Information Technology, and Government Innovation.
An important role of this subcommittee is ensuring federal information technology is well-managed. The Federal government depends on IT systems for everything from national defense to homeland security to the administration of benefit programs. In all, we spend upwards of $100 billion of tax dollars annually on federal IT.
Notably, seventy-five to eighty percent of this spend currently goes to operate and maintain existing IT systems. And much of that infrastructure is aging and obsolete. It relies on a shrinking pool of workers versed in archaic computer languages like COBOL, which came into common use sixty years ago.
I myself learned COBOL when I was starting my career. At that time and now, computer coding provides a pathway for girls and women to advance into STEM fields.
But today’s aspiring young coders are not learning COBOL. That’s why the government – whose aging IT workforce includes many more individuals over sixty than under thirty — is now rehiring federal retirees just to maintain its decrepit computers.
A few years ago, GAO compiled a list of the ten federal IT systems most in need of overhaul due to their criticality and their obsolescence. One is a COBOL-based system used to process about 20 million federal student financial aid applications annually. The system is older than the Department of Education, which opened its doors in 1980.
Another COBOL-based system on GAO’s list is an IRS system containing taxpayer data that went on-line in 1968 – more than a half-century ago.
The IRS continues to keep taxpayer data on this and other hugely outdated systems despite pouring billions of dollars over the years into failed modernization efforts.
The Biden Administration is now set to hire 20,000 new auditors over two years, as part of a massive $80 billion hike in IRS spending. But what the IRS needs most are modern computers and call centers that answer the phone.
What scares me is that federal legacy computer systems are highly vulnerable to cyberattacks from malicious actors, including enemy nation states. And the danger is going to get a lot worse fast. The rise of Artificial Intelligence will soon lead to increasingly sophisticated cyber-assaults.
That’s why it’s more important than ever that the data of millions of students and taxpayers not live in half-century old IT systems that are easily exploited by our enemies.
So, we need to make progress on IT modernization by whatever means is at our disposal.
A new funding vehicle, the Technology Modernization Fund, was created in 2017. It provided another tool for replacing legacy IT. But it’s become clear that it’s a tool that needs sharpening. So, I intend to introduce legislation soon that will do just that. I expect this hearing to help inform that bill. Congress must act to ensure taxpayer personally identifiable information and other sensitive data are not wide-open for thieves and foreign actors to plunder.
With that, I yield to the Ranking Member of my Subcommittee, Mr. Connolly of Virginia.