Outdated software used by federal agencies has an impact on cybersecurity risks.
The government has been spending billions of dollars a year maintaining outdated software and computers, in some cases on systems that have not been upgraded for 50 or more years. And now, in the shadow of one of the worst hacks in global history, federal workers are sounding the alarm.
BeyondTrust, a cybersecurity company that does work with the government, said its anonymous survey of federal IT managers found 42 percent of them had suffered a data breach in the last six months, 47 percent of them were still using Windows XP, which is no longer supported by Microsoft, and 81 percent believed outdated software has an effect on their agency’s cybersecurity risks.
Morey Haber, vice president of technology at BeyondTrust, compared the IT infrastructure used by federal agencies to a crumbling bridge. “I think everyone should be concerned with it, I don’t think there’s a reason for panic,” he said.
Haber isn’t alone in his concern. The Government Accountability Office (GAO) reported a year ago this month that federal agencies are spending about $60 billion on operating and maintaining their IT infrastructure. Lawmakers on the House Oversight and Government Reform Committee expressed alarm then about the creaking IT infrastructure.
Among those flagged by the GAO for using aging IT were the Defense Department, the Veterans Affairs Administration, the Social Security Administration, the Treasury Department and the Transportation Department, all agencies with sensitive data ranging from social security numbers to personal taxes. Many agencies were using computers and operating systems that were a decade or more old, and some legacy infrastructure was a half century old, the GAO warned.
David Powner, director of IT issues for GAO, whose team performed the study last May, said little has changed in the year since. “In terms of if we are actually turning those things off, I’m not aware of a single one,” he said.
Circa News reached out to each of the agencies asking for the status of their upgrades. The VA, DOT, DOD and SSA all confirmed they are still in the process of upgrading the systems highlighted by the GAO. The other agencies failed to respond.
Lisa Schlosser, former deputy chief information officer and current lecturer in the Georgetown School of Continuing Studies' Technology Management program, confirmed that nearly half of federal agencies could be using the unsupported Windows XP, but added that “the scope of the problem is well beyond XP and the scope of the risk is well beyond one technology.”
“The situation is close to a breaking point if we don’t address these legacy systems,” she warned.
The importance of upgrading aging software has been put in the spotlight after the recent WannaCry ransomware cyberattack targeting Windows XP and Windows 7, which is also widely used by federal agencies, according to Haber.
“Federal Agencies are increasingly at risk for systems moving forward. The main consideration is new vulnerabilities are always being found even in end of life operation systems,” he said.