During the first week of May 2017 President Donald Trump signed a cyber security executive order focusing on upgrading government IT systems to improve the state of digital security. The order was long awaited by many given the recent tidal wave of security breaches and hacking attacks affecting major corporations in the US and has been considered a positive step forward by many leaders in the field. The document states that the President has implemented a new technology council to take responsibility over advising the US government on ways to modernize its existing IT systems and operations, meeting with Silicon Valley innovators to come up with a strategy to upgrade the outdated technology. The order also calls on the Director of National Intelligence to “provide access to classified information on cybersecurity threats, vulnerabilities, and mitigation procedures to the ATC” to improve knowledge and facilitate change.
What are the implications?
The POTUS’ cyber security executive order is an important step for the country, demonstrating government recognition of the current issues threatening US cyber security and the risks that come with reliance on outdated IT systems. By launching a government commitment to tackle these issues head on, we can expect that the implementation of modernized systems will reduce the threat of cyber attacks and provide greater security protection, which, in turn, will filter down to influence other corporations to take similar action, leading to a safer digital environment across the USA.
The dangers of legacy IT
Many companies still rely on IT systems that are over 3 years old to run their businesses and the security risks this poses are widespread, with data breaches having the potential to affect large groups of the population if they occur. Older systems are more likely to suffer vulnerabilities for three main reasons.
1. Design – most older IT systems weren’t designed with security in mind in the way that modern technology now is. These services do not tend to support advanced encryption and authentication processes required to create a secure environment, meaning that ensuring a high level of security protection becomes increasingly difficult and expensive as the level of threat becomes more and more sophisticated.
2. Familiarity – hacking older software is a lot easier for cyber attackers as they have had plenty of time to explore and become familiar with these programs, being able to take the time to establish any weaknesses in the programs and perfect their attack. This is why many browser extensions are no longer supported by software vendors (for example Google not running Flash)
3. Evolution – after a certain amount of time, IT systems will stop supporting new updates and patches as they cannot run the code effectively. This leaves the older systems vulnerable to threats such as viruses and malware which would be picked up by these security updates on a newer model.
The benefits of modernizing government IT systems
NextGov suggests that the US federal government spends around three quarters of its $80 billion IT budget on legacy system running costs. Whilst an upgrade in technology is expensive and holding off modernization due to budget restraints seems understandable, it is a false economy. As we can see with this statistic, the cost of maintaining a functioning legacy system can often be vast, and if a data breach occurs due to vulnerabilities in an old system, the financial and reputational implications will always outweigh the cost of upgrading.
By modernizing governmental IT systems, the threats posed by outdated systems will be mitigated and the system will be better protected against hackers, viruses and data loss. Newer systems built with security concerns at their heart will be able to facilitate the updates and patches needed to protect the government system from the latest cyber dangers. Given the reach and impact that US government IT systems have on vital services such as the military and the fact that they hold valuable data on the population as a whole, taking these steps towards upgrading will be a genuine move towards a safer and more efficient tech system that will help to protect the US from the devastating risks of cyber threats caused by legacy IT.