With numerous breaches over years, including at the Office of Personal Management (OPM), the Internal Revenue Service (IRS), and serious leaks at both the CIA and NSA, many are wondering what the state of government IT infrastructure might be. Unsurprisingly, government agencies suffer from bureaucracy and funding problems, which make it difficult to update and maintain critical computer systems. In fact, there are numerous computer systems currently in use today that are more than 40 years old, according to a recent article on the government-themed website NextGov. What do those computer systems do? Well, among other things, running the Individual Master File of the IRS that manages all taxpayer data, and the Strategic Automated Command and Control System that manages communications to nuclear forces. Apparently, even the threats of death and taxes is not enough to move government IT into the 21st century.
Attempts at updating and protecting systems often end up stymied due to political tug of wars, and the difficulty in retaining talented professionals in an industry where private sector salaries can dwarf government paychecks. Even with the daunting task, some lawmakers and government officials are pushing to make cybersecurity a priority across the government, and for additional budget allocations to upgrade systems. Senator Ron Wyden, the senior senator from Oregon, is pushing to have the US Senate implement two-factor authentication, to improve the security of the Senate’s computer systems.
The federal government is not alone in its struggle to keep pace with innovation. State governments are also in the cyber quagmire. The think-tank the Brookings Institution did a report on what cybersecurity initiatives or plans states have, and the results range from reasonably comprehensive to non-existent. Even so, Pennsylvania State Representative Rob Matzie has introduced a bill into the state legislature to require encryption for sensitive data sent by Pennsylvania state employees, among other things.
When even secretive organizations like the CIA are struggling to secure their classified data from potential leakers, it’s always worth noting that humans are the weakest link in cybersecurity, and world-class technology systems and an unlimited budget will not completely solve every problem. But at the very least, upgrades to 40-year old computer systems might be a good start.