WASHINGTON – U.S. Senator Maggie Hassan (D-NH), chair of the spending oversight subcommittee, led a hearing yesterday to discuss the costs of the federal government running outdated and inefficient information technology systems, as well as the barriers to modernizing those systems.
To watch the Senator’s questioning, click here.
Costs of Legacy IT Systems
Senator Hassan began by emphasizing the enormous costs of legacy IT systems on taxpayers. “Legacy IT maintenance costs accounted for one-third – about $29 billion – of total spending. However, the actual cost is estimated to be much greater when we consider legacy IT’s negative effects on security, delivery of services, and customer experience,” Senator Hassan said.
Senator Hassan went on to highlight the consequences of relying on legacy IT systems, which are systems that are no longer supported by industry vendors, as well as those that require additional maintenance or specialized knowledge to operate.
One example that the Senator cited is the IRS’s delay in processing tax returns and economic impact payments, which is due in part to its aging system that relies on paper, rather than digital records. Senator Hassan previously questioned IRS Commissioner Charles Rettig on what the agency is doing to address delayed IRS tax returns, and in response, the Commissioner discussed the importance of updating the agency’s IT systems in order to deliver faster, higher-quality service.
“The American people pay the price of failing to modernize legacy IT systems,” Senator Hassan said. “The United States government ranks among the lowest industries in customer satisfaction. Over the past year in particular, my office has received hundreds of messages from constituents struggling to access passports and visas, unemployment benefits, economic stimulus payments, benefits information from the Department of Veterans Affairs, and information on filing taxes.”
Casey Coleman, former Chief Information Officer at the U.S. General Services Administration, responded, “As you point out, we interact with the government on really critical services that we count on, and if those services aren’t delivered effectively there’s a cost… and there’s also a public trust at stake. There’s a confidence in the ability of government to deliver what we are anticipating as taxpayers and as citizens.”
To help improve customer service within the federal government, Senator Hassan introduced bipartisan legislation in 2019 – which passed the Senate – to better assess and improve the customer service experience for Americans dealing with federal agencies.
Cyber Threats
Senator Hassan also asked the witnesses about the impact that legacy IT systems may have on the federal government’s ability to protect against cyber threats.
“One of the issues you have with legacy systems is you can’t put modern protections on — multi-factor authentication, encryption,” said Max Everett, former Chief Information Officer at the Department of Energy. “They’re not protected more because people don’t know them, they’re in fact enabled by a bunch of other things and pretty soon it’s a Rube Goldberg apparatus.”
Kevin Walsh, Director for Information Technology and Cybersecurity at the Government Accountability Office, agreed: “Legacy systems represent a security risk… I don’t think that security through obscurity, or just hoping that the bad guys don’t know the system code, is a good approach.”
As Chair of the Emerging Threats and Spending Oversight Subcommittee, Senator Hassan is working to strengthen cybersecurity in the federal government to help keep Americans safe, secure, and free. Senator Hassan successfully worked to pass the bipartisan DHS Data Framework Act – which is now law – to help ensure that analysts at the Department of Homeland Security can more efficiently identify terrorist threats. Due to the increasing number of cyber threats to government agencies and critical infrastructure, Senator Hassan introduced the bipartisan Hack DHS Act, which was signed into law, to strengthen cyber defenses at the Department of Homeland Security.
###