Floppy Nukes: How the U.S. Government is Failing at IT
Reading about how the United States government conducts certain activities is similar to pressing one's face against the window of a sausage factory: It's often very disturbing to know how certain things are done.
Just like when an IT professional encounters a sentence like this one:
"The Department of Defense uses 8-inch floppy disks in a legacy system that coordinates the operational functions of the nation's nuclear forces."
Yep — it's creeping heeby jeebies time, folks, but not because Skynet is coming ... unless it's writing itself in assembly code.
The above nugget came from a recent report by the U.S. Government Accountability Office (GAO) looking at the current state of Uncle Sam's IT infrastructure. The GAO's report does little to inspire confidence in the government's ability to properly invest in modern IT systems.
The GAO report, an 87-page document released to the public in May, paints a pretty clear picture of the decrepit state of U.S. government information technology. In 2015, the government had an IT budget of over $80 billion for the year. The Feds spent 75 percent of this budget on operations and maintenance of legacy systems, and only 25 percent on modernization, development, and replacement activities.
In fact, the amount of money being spent on development and modernization has decreased by $7.3 billion over the last seven years. The ancient, doddering systems like the one operating America's nuclear arsenal mentioned above are devouring most of the Fed's IT budget in upkeep and operation costs.
According to the GAO report, "Federal legacy IT investments are becoming increasingly obsolete: Many use outdated software languages and hardware parts that are unsupported. Agencies reported using several systems that have components that are, in some cases, at least 50 years old."
Fifty years. That would be 1966: Lyndon B. Johnson was in the White House, Ronald Reagan was elected Governor of California, and the first episode of Star Trek debuted on NBC. Also the Department of the Treasury used an assembly language program running on an IBM mainframe as the authoritative data source for individual U.S. taxpayers.
Oh wait, they're STILL USING that system today. The GAO report states, "The [Treasury] agency has general plans to replace this investment, but there is no firm date associated with the transition." Sorry, citizens, maybe next year we'll upgrade everything to COBOL.
The government IT property for nuke management mentioned earlier in this article is actually known as the Strategic Automated Command and Control System. An impressive name ... for a program that runs on an IBM Series/1 computer from the 1970s, and employs 8-inch floppy disks. Here are the mundane tasks this system is responsible for:
"Coordinates the operational functions of the United States' nuclear forces, such as intercontinental ballistic missiles, nuclear bombers, and tanker support aircrafts."
And maybe it gets used for lunchtime games of Zork, as long as there's no immediate need for tactical nuclear deployment.
I mentioned COBOL in jest earlier, but that's actually the programming language used to write the software the Department of Veterans Affairs uses to "automate time and attendance for employees, timekeepers, payroll, and supervisors." The department also uses a number of COBOL mainframe applications to track claims filed by veterans for benefits eligibility.
Look, I'm not sassing on COBOL here. It was a great programming language for its time — three or four decades ago at best. The problem here is that the majority of the federal government's IT money is being spent on keeping its systems firmly entrenched in the 1970s. Three-quarters of Uncle Sam's annual IT budget is basically serving as tech museum upkeep.
The GAO report states that more than 5,200 of the government's 7,000 or so IT investments are spending all of their budget funds on operations and maintenance. It is highly unlikely that this is the most efficient or productive use of billions of taxpayer dollars.
And what about security? Robert Bigman, former Chief Information Security Officer for the CIA, has said that, "When you talk to hackers, specifically Russian cyber-hackers, what they fear is not that we're going to get our act together on cyber-intelligence. What they are concerned about is that we're going to get our act together on how to secure firmware and operating systems."
The current model of simply patching together legacy systems is not sustainable, particularly from an IT employment perspective. The people who know how to maintain and operate mainframes, or troubleshoot programs written in assembly language, COBOL, or FORTRAN, are leaving the workforce in record numbers. Their replacements are unlikely to have the knowledge necessary to keep these legacy systems up and running.
This problem with dated technology also impacts the experience people have when accessing some government online systems. The proliferation of smartphones running fast, well-designed mobile apps has changed our expectations when dealing with any online system. The user experience provided by many of the government's online sites and automated systems is terribly dated in comparison with the modern internet.
Based on its findings, the GAO has put together a list of 16 recommendations for the federal government to get its IT house in order. The recommendations list one key activity multiple times: Departments need to address their obsolete technologies and create hard targets for replacing or otherwise modernizing legacy IT.
The GAO asks the relevant departments to create plans that "include time frames, activities to be performed, and functions to be replaced or enhanced."
Accountability is, as you might expect from the lumbering and byzantine U.S. government apparatus, a problem. Legacy IT is not a particularly sexy election issue, and the level of pressure which can be brought to bear on department CIOs is limited. Recent media coverage of the GAO report, however, which included several juicy headlines about the nuclear program and its 8-inch floppies, has a good chance of kindling some productive activity around these critical systems.
It would be more reassuring if the nation's nuclear arsenal were being controlled by something a bit beefier, like a Commodore 64 or an Atari 800XL. At least the support techs would be able to play M.U.L.E. or Gauntlet while waiting for the missiles to fly.