by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : July 2015
GCN JULY 2015 • GCN.COM 11 THE RECENT REVELATION of a breach at the Office of Personnel Management, which resulted in the theft of the personal information of millions of government employees, underscores a broader problem the government has with legacy systems: deciding whether it’s worth spending the money to secure them. Not that securing OPM’s systems would have done much good in this case. Andy Ozment, assistant secretary for cybersecurity and communications at the Department of Homeland Security, said the systems were not directly pene- trated. Instead, attackers ob- tained OPM users’ network credentials and got to the systems and data from the inside. OPM CIO Donna Sey- mour told a recent hearing of the House Oversight and Government Reform Committee that the agency was implementing database encryption, but some legacy systems were not capable of being encrypted. She added that some of OPM’s systems are more than 20 years old and writ- ten in Cobol, so they would require a full rewrite to in- clude encryption and other security such as multifactor authentication. It is a governmentwide problem. Many financial and administrative systems that are central to agencies’ daily operations use the nearly 60-year-old Cobol. Most agency CIOs have targeted those systems for replacement, but it’s not a simple rip-and-replace job because any mistake could have a severe impact on the agency’s ability to fulfill its mission. For that reason, many agencies have chosen to maintain those systems for now, but that’s not cheap either. OPM said last year that maintaining its legacy systems could cost 10 per- cent to 15 percent more a year as people with the nec- essary expertise retire. And throughout government, legacy systems account for more than two-thirds of agencies’ annual IT spending. That expertise is unlikely to be replaced. Colleges aren’t turning out Cobol- trained coders anymore, and with Cobol way down on the list of popular lan- guages, that won’t change. Agencies could bring in con- sultants to rewrite the code, but again, that’s not cheap. Nevertheless, Cobol is not likely to disappear anytime soon. Because of its ubiquity and utility, many IT officials will continue to use it until it’s pried out of their cold, dead hands. Meanwhile, old mainframe companies that have recently refocused on the cloud continue to update their Cobol tools to keep pace with current IT trends. It’s not as though prob- lems with legacy systems were the only reason for the breaches at OPM. Lawmak- ers also berated agency officials for their lack of attention to security gover- nance issues that had been brought up years ago and were highlighted again last year in a report by OPM’s inspector general. But the legacy issues are real and, according to some reports, extend even to “legacy” security systems such as signature-based fire- walls, intrusion-prevention systems and other widely installed devices that are not capable of stopping modern, fast, sophisticated and chameleon-like threats. However, the situation with the federal government is probably not as bad as that of a public school dis- trict in Grand Rapids, Mich., that is still running the air conditioning and heating systems for 19 schools via a 1980s-era Commodore Amiga — the personal computer that was popular for home use — because a replacement system would reportedly cost as much as $2 million. At least, we hope not. • What’s worse: Living with legacy systems or replacing them? BY BRIAN ROBINSON CYBEREYE Spending on old vs. new IT $82 billion total federal IT spending in fiscal 2014 $59 billion devoted to operations and maintenance $1.41B out of $1.43B NASA’s 2014 spending on O&M $1.44B out of $3.13B Department of Transportation’s 2014 spending on O&M Source: Government Accountability Office 0715gcn_011.indd 11 7/1/15 10:08 AM