Departments and agencies across the federal government need to adopt a “philosophy” of continuously upgrading and modernizing their information technology (IT) systems and networks to improve security, lower costs and improve efficiency and productivity, Tony Scott, the United States Chief Information Officer (CIO), said on Wednesday.

This continuous upgrade and replacement culture is “in keeping with future progress that will be made in the technology world,” Scott said at the Security Summit hosted by 1105 Media Group. “And, today, we don’t have that process in place.”

The need for department and agency CIOs to adopt this IT modernization mindset is born of the fact that the government is saddled with legacy IT equipment and software that is decades old, insecure, and in some cases at or near end of life. Scott said that earlier this year he asked three of the government’s key IT suppliers for cost estimates on equipment that will go end of life in the next three years and their response was about $7.5 billion.

That means “you can’t get spare parts, you can’t get patches, you can’t get upgrades,” Scott said. “That’s a little bit of a problem. And that’s just from three suppliers.”

Scott said these estimates don’t include software obsolescence. On top of this is equipment and software that has already gone end of life or for which the government doesn’t pay maintenance.

The cyber security challenge is that the “old stuff creates a surface area that’s quite attractive to people who want to do us harm,” Scott said. He pointed out that hacking into these legacy systems is relatively easy.

“Until we get that stuff replaced and upgraded and put in place more secure architecture and easily defended infrastructure and applications, we’re going to have a problem,” Scott said. He added that the culture of continuous upgrades and modernization also means that agency CIOs have to be sending the necessary “demand signals” to Congress on what needs to be replaced “so it’s always visible, it’s front page news in your agency.”

Earlier this year President Barack Obama announced a comprehensive national plan for cyber security that includes a $3 billion IT modernization fund that federal agencies could borrow against to modernize and replace their IT systems and then repay the fund with the savings achieved through the upgrades.

Scott said if agencies have technology that is 20 years old, “I guarantee there are savings” to be found with modernization projects. “You can dramatically increase your capacity or dramatically lower your costs or come somewhere in between.”

The payback feature of the IT modernization fund means that agency management will keep an eye on the “successful” implementation of upgrade and replacement projects, Scott said.

Scott said that following a cyber breach of the Office of Personnel Management last year there has been a sprint to successfully bolster cyber defenses across the federal government, yet there is still “tons” more to do.

With a change of presidential administrations looming, Scott said the Obama administration is working hard to ensure a smooth transition in the IT space. Every agency is preparing materials on its current IT status, work underway, and future opportunities, he said.

The next administration and CIOs will have a “contextually appropriate view of IT across the federal government and inside their own agencies,” Scott said. “They’ll have a roadmap of opportunities and challenges that they’ll have to deal with.”