The White House plans to make a push to modernize the technology within federal civilian agencies and sunset costly legacy systems, according to a new White House National Cybersecurity Strategy released Thursday.
The federal civilian agency modernization effort is key to strengthening the cybersecurity apparatus and resiliency of digital services provided by the government and will do so primarily by replacing legacy systems with more secure technology, “including through accelerating migration to cloud-based services,” the strategy report highlighted.
“OMB will lead development of a multi-year lifecycle plan to accelerate FCEB [Federal Civilian Executive Branch] technology modernization, prioritizing Federal efforts on eliminating legacy systems which are costly to maintain and difficult to defend,” according to the new National Cybersecurity Strategy signed by President Joe Biden.
“The plan will identify milestones to remove all legacy systems incapable of implementing our zero trust architecture strategy within a decade, or otherwise mitigate risks to those that cannot be replaced in that timeframe,” the cyber strategy report said.
A prior draft of the same cyber strategy report included a 10-year deadline for federal civilian agency technology modernization, but that deadline is now a “multi-year lifecycle plan,” according to a person familiar with the matter.
Agencies including Treasury and the Department of Homeland Security continue work to replace IT systems that provide a cybersecurity weak spot for government departments.
Around one-third of the digital applications the IRS runs are out of date, including some running software from 1959, which have raised fresh concerns about cybersecurity issues, workflow management and the agency’s ability to process hundreds of millions of U.S. tax returns, according to a U.S. Government Accountability Office audit from last month.
Homeland Security also has “longstanding” deficiencies with its legacy IT systems and decentralized operations, the agency’s Office of the Inspector General (IG) found in a 2020 investigation.
The IG audit at the time found “significant operational challenges” with three key legacy systems in particular that could use improved oversight coupled with cloud migration and data center consolidation.