PRESIDENTIAL TRANSITION: PRIORITY TOPIC MEMO
SEPTEMBER 2024
RECOMMENDATIONS TO MODERNIZE ARCHAIC AND INSECURE LEGACY SYSTEMS
Significant numbers of critical federal information technology
(IT) systems that provide vital support to agencies’ missions are
operating with known security vulnerabilities and unsupported
hardware and software.
These legacy systems support important missions like wartime readiness and
the operation of dams and power plants. They also host sensitive taxpayer and
student data. The Government Accountability Office (GAO) has reported on these
systems since 2016, highlighting the security risks, unmet mission needs, and
increased maintenance costs associated with outdated systems. Most recently,
GAO reported that some legacy systems are more than 60 years old, with some
operating software that is up to 15 versions out of date.[1] In addition, many of
the systems do not support multi-factor authentication, and as a result they are
unable to support the desired zero trust approach called for in federal policy.
Last year, the Federal Aviation Administration’s systems outage that canceled
1,300 flights and delayed more than 10,000 in a single day highlighted both the
criticality of these legacy systems and the impact that a single outage can have
on our transportation network and on the daily lives of thousands of citizens.
The Case for Action
Of the $100 billion the federal government spends annually on IT, 80 percent
goes toward operating and maintaining existing systems. Over the past several
years, the calls for action to address this disproportionate spending and to phase
out these archaic systems have been loud and clear:
• In 2022, Senator Maggie Hassan introduced the Legacy IT Reduction Act of 2022
(S. 3897), which required (1) agencies to develop an inventory of legacy IT systems,
(2) agencies to create a plan to modernize these systems, and (3) the Office of
Management and Budget (OMB) to issue guidance on the bill’s implementation.
In 2023, the Senate reintroduced this legislation (S. 2032).
• In July 2022, OMB and the Office of the National Cyber Director issued
a memorandum highlighting cyber investment priorities for 2024 budget
submissions. These priorities include zero trust implementation, securing our
critical infrastructure, supply chain risk management, and IT modernization
(including accelerated adoption and use of secure cloud infrastructure).[3]
Recommendations to OMB for Modernizing Legacy IT
• Provide guidance to develop IT modernization plans and budgets
• Use the IT Dashboard to monitor progress
• Utilize public-private partnerships to address modernization efforts
MITRE’s mission-driven teams are
dedicated to solving problems for a
safer world. Through our public-private
partnerships and federally funded R&D
centers, we work across government and
in partnership with industry to tackle
challenges to the safety, stability, and
well-being of our nation.
mitre.org