Think about the technological advances that have been made in the last ten years. In 2008, there were no iPads, 4G phones, or Ubers. Now extrapolate this to include the last fifty years. No Google, GPS, and perhaps most importantly, no internet.
So what’s the point of taking a walk down this technological memory lane? Because according to the Government Accountability Office (GAO), there are still government agencies actively using technology that is up to 56 years old. For example, the Department of the Treasury’s Individual Master File is written in assembly language and runs on an outdated IBM mainframe.
To emphasize this point even further: As of 2016, the Department of Defense’s Strategic Automated Command and Control System—which is responsible for coordinating the operational function of the United States’ nuclear forces—is powered by an IBM Series/1 Computer and uses eight-inch floppy disks. How’s that for antiquated?
Cybersecurity Is a State of Mind
So, what is happening here? Well, as the Institute for Critical Infrastructure Technology (ICIT) so aptly put it, “Cybersecurity modernization is a state of mind.” Key decision-makers continue to see cybersecurity as a low priority, using patchwork solutions to meet absolute minimal requirements.
To be fair, it can be difficult to find a convenient time to take a system completely offline in order to replace it with modernized technology. However, neglecting to invest the time to properly update technology is like patching a sinking ship while it’s still out at sea; to fix it right, you need to take it out of the water.
However, there is another issue: All this slipshod maintenance isn’t cheap. In fact, it’s costing billions.
The Price of Low Priority
The federal government invests more than $80 billion on information technology (IT) annually. The problem is, this budget is being misallocated. The GAO found that, in 2015, a staggering 75% of the total amount budgeted for IT was spent on operations and maintenance (O&M) investments.
Unfortunately, this figure has only continued to rise. Conversely, there has also been a $7.3 billion decline in development, modernization, and enhancement investments since 2010. More specifically, the GAO found that 5,233 of the government's approximately 7,000 IT investments are spending all of their funds on O&M activities, which equated to about $60 billion in 2017.
But it’s not just that O&M investments are costly. The GAO reviewed many moderate to high-risk investments in government agencies. To cyber criminals and fraudsters, this is a gold mine.
Case in point: in Ponemon Institute’s 2017 Cost of a Data Breach Study, researchers found that the average cost of a data breach in 2017 was $3.62 million. Furthermore, the average cost per lost or stolen record was $141. That cost doesn’t seem high until you remember that Yahoo lost a mind-bending one billion records in two back-to-back attacks.
The Persuasion of Safety & Savings
In order to break the pattern of misspending, CIOs and CISOs need to prove to key decision-makers that cybersecurity is a top priority. To do this, executives need to be aware not only of the millions that can be lost due to a breach but also of how these attacks can happen and, of course, how technology solutions can actually lower the bottom line.
In 2016, auditing giant KPMG surveyed a pool of executive-level government officials and contractors to better understand the state of federal cybersecurity. To say the least, their findings were disconcerting.
65% said that the federal government as a whole can detect ongoing cyber-attacks.
59% said their agency struggles to understand how cyber attackers could potentially breach their systems.
40% said they are unaware of where their key assets are located.
40% believe their agency’s incident response plan is not effective in responding to cyber-attacks.
What these statistics make glaringly apparent is that we need government officials to participate in regular cybersecurity training. Moreover, it is imperative that governance policies address the dangers of operating legacy systems.
In the midst of all the bad news about the federal government’s outdated infrastructure, the Modernizing Government Technology Act was codified when President Donald Trump signed the 2018 National Defense Authorization Act. This IT legislation now makes it a law to modernize obsolete technology for federal agencies.
CIOs and CISOs should also use the bottom line to persuade decision-makers to allocate more budget toward cybersecurity investments. As ICIT’s Dispelling the Fear of IT Modernization report highlighted:
The processing power and memory storage capabilities of computer-based technology doubles every 18 months. This means that objectively, a decade-old system will inherently be about four times less efficient than a new system. Many of the systems employed in federal agencies are not a decade old; instead, they are older than most of the personnel hired to maintain them.
Moreover, former CIO Tony Scott pointed out to ICIT that the annual O&M investment on a new system is roughly $0.15 on every dollar of investment, as opposed to an estimated $0.74 on every dollar to keep a legacy system limping along. Thus, not only are legacy systems four times less efficient than newer systems, but they are also about four times as expensive to maintain.
Get the Resources You Need
We understand there are hurdles to jump through when modernizing your IT infrastructure. That’s why Federal Resources Corporation (FRC) delivers cost-effective, modernized cybersecurity solutions across commercial, federal, and international markets.
From system integration to program management, we’ll tailor a solution to your specific agency. If you’re interested in learning more, contact us at (703) 687-9787.