Typically making a top 10 list is something positive, but the top 10 list Social Security recently made, according to the Government Accountability Office (GAO), is not one that most people would consider an achievement.
The list includes agencies, as identified by the GAO, which need to update technology systems and increased modernization.
From the GAO report:
Among the 10 most critical legacy systems that GAO identified as in need of modernization (see table 1), several use outdated languages, have unsupported hardware and software, and are operating with known security vulnerabilities. For example, the selected legacy system at the Department of Education runs on Common Business Oriented Language (COBOL)—a programming language that has a dwindling number of people available with the skills needed to support it. In addition, the Department of the Interior’s system contains obsolete hardware that is not supported by the manufacturers. Regarding cybersecurity, the Department of Homeland Security’s system had a large number of reported vulnerabilities, of which 168 were considered high or critical risk to the network as of September 2018.
Of the 10 agencies responsible for these legacy systems, seven agencies (the Departments of Defense, Homeland Security, the Interior, the Treasury; as well as the Office of Personnel Management; Small Business Administration; and Social Security Administration) had documented plans for modernizing the systems (see table 2). The Departments of Education, Health and Human Services, and Transportation did not have documented modernization plans. Of the seven agencies with plans, only the Departments of the Interior and Defense’s modernization plans included the key elements identified in best practices (milestones, a description of the work necessary to complete the modernization, and a plan for the disposition of the legacy system). Until the other eight agencies establish complete modernization plans, they will have an increased risk of cost overruns, schedule delays, and project failure.
No response yet from Social Security about any immediate plans to improve the modernization protocols set forth by the GAO.
