NPR logo

U.S. Chief Information Officer Seeks To Upgrade Government's Computers

  • Download
  • <iframe src="https://www.npr.org/player/embed/500115472/500115473" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
U.S. Chief Information Officer Seeks To Upgrade Government's Computers

National Security

U.S. Chief Information Officer Seeks To Upgrade Government's Computers

U.S. Chief Information Officer Seeks To Upgrade Government's Computers

  • Download
  • <iframe src="https://www.npr.org/player/embed/500115472/500115473" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

The man who oversees the federal government's computer infrastructure is seeking more than $3 billion to upgrade and make the system more secure. He says trying to make current computers, some of which are decades old, safe from hacking is like trying to put airbags in an old car.

ARI SHAPIRO, HOST:

Hacking has been a persistent issue during this campaign. Emails from a top Clinton aide have been posted on WikiLeaks and the federal government has raised concerns about the security of state voting systems. The federal government's own computer systems are vulnerable to hackers and one reason is that they are decades old. The person in charge of government IT is seeking some $3 billion to bring them up to date.

NPR's Brian Naylor reports.

BRIAN NAYLOR, BYLINE: U.S. Chief Information Officer Tony Scott describes his job this way.

TONY SCOTT: I'm kind of the surgeon general for the health of IT in the federal government.

NAYLOR: And as such, he's issuing a surgeon general's dire warning for government computer systems.

SCOTT: Most agencies get just enough funding to keep whatever information systems capability they have on life support.

NAYLOR: Scott was previously CIO at Microsoft and Disney. He now occupies a much smaller office at the Eisenhower Executive Office Building, though one with a great view of the White House. He says computers across government are old, really old, and vulnerable to hackers.

SCOTT: The reality is that systems that are 25, 30, 40 years old were never designed to defend against the kinds of cyber threats that we have today.

NAYLOR: Scott isn't exaggerating. A report by the Government Accountability Office found that some computers the Defense Department uses to operate the nation's nuclear weapons forces still rely on a 1970s-era system with 8-inch floppy disks. Several agencies, including the VA and Social Security Administration, have a system that uses a computer language called COBOL, developed in the '50s and '60s.

And the Treasury Department keeps vital tax records on IBM mainframes that date to 1960. Protecting those antique systems from hackers, Scott says, is a struggle.

SCOTT: It's kind of like trying to put airbags into an old car. You can do it but it's not going to look pretty and it's not probably going to work as effectively as a new car that had airbags incorporated as a part of the design.

NAYLOR: The government spends some $80 billion on its IT system and most of that goes towards keeping those legacy computers up and running. The Obama administration has asked Congress for another $3.1 billion to set up a modernization fund that agencies could borrow from to replace their old systems with up-to-date technology.

Some opponents of more spending argue that the old government systems are more secure than they seem because modern hackers aren't familiar with the dated technology. But Frank Cilluffo, director of the Center for Cyber & Homeland Security at George Washington University, doesn't buy the security through obscurity argument.

FRANK CILLUFFO: The reality is the providers of patches, the providers and coders and vendors who are fixing loopholes are no longer working on a number of the old legacy systems, meaning that hackers can exploit, in essence, the same holes over and over again.

NAYLOR: But even if the government were to modernize all of its systems tomorrow, hackers would probably move just as fast. Cilluffo says it's government's responsibility to manage the risk from cyber intruders, to have redundant systems and says government managers at every level have to take responsibility, that it's not just the CIO's job. Brian Naylor, NPR News, Washington.

Copyright © 2016 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.