The dangers of out-of-date IT systems

22 Jun 16

Holding on to legacy IT systems becomes more expensive and risky with every year – and takes money away from innovation

The US Department of Defense recently admitted that the Strategic Automated Command and Control System, which coordinates intercontinental ballistic missiles, nuclear bombers and tanker support aircraft, still runs on a 1970s computer system and uses eight-inch floppy disks. These disks were phased out in the 1990s – a 16GB memory stick holds the equivalent of 65,000 of these disks.

This disclosure appears in a report by the Government Accountability Office, the US equivalent of our National Audit Office, which calls for federal agencies to address the problem of their aging legacy systems. The US Treasury, for example, is still using a 56-year-old system – written in assembly language, a low-level computer code that is difficult to write and maintain – as the authoritative data source for individual taxpayers when accounts are updated and taxes are assessed. The report concluded that the federal government spent about 75% of its $80bn IT budget for 2015 on operations and maintenance because many of its systems are becoming increasingly obsolete.

This means less money is available to invest in development, modernisation and enhancement. Investment in new developments has fallen by $7.3bn since 2010; at the same time, the US Office of Management and Budget has directed agencies to move to cloud computing and shared services to make IT more efficient and enable innovation.

It is worrying to hear that the world’s richest nation is coordinating its nuclear arsenal and managing its tax affairs using ancient technology, but it is not alone. Many banks are still relying on 1960s and 1970s systems. In 2012, RBS was fined £56m after its payments systems crashed, leaving millions of RBS, NatWest and Ulster Bank customers unable to access accounts, a glitch that lasted for 23 days. TalkTalk was fined £3m in 2011 after problems with its legacy billing systems; when it was hacked in 2015, it was widely rumoured that its systems were older than the attackers.

When our own National Audit Office last looked in detail at the risks posed by legacy systems in 2013, it estimated that at least £480bn of the government’s annual operating revenues and £210bn of non-staff expenditure relied to some extent on legacy ICT. It noted, for example, that the system supporting VAT collection was introduced in 1973 and costs £430m a year to run, and that, while the system has been updated and moved to new hardware, HMRC was relying on very old technology to support 1.9 million customers and process 7.7 million VAT submissions. Similarly, NHS prescription payments ran on a system dating back to 1996 and the Department for Work & Pensions’ system for assessing state pensions was introduced in 1987 and costs £385m a year to run.

As NAO head Amyas Morse said at the time: “Legacy systems are a fact of life. The challenge is how intelligently they are managed and whether they are being retained, updated, replaced or phased out.”

As every year goes by, the costs of retention increase as skills become scarcer, the risks associated with replacement expand, and systems that were designed before the internet was invented become ever more vulnerable to attack. Are you still relying on legacy systems?

  • John Thornton

    John Thornton is the Director of e-ssential Resources and an independent adviser on business transformation, financial management and innovation.
