There have been many cybersecurity gaps outlined in a new White House directive that calls on federal agencies to address hundreds of vulnerabilities stemming from the government’s aging computer systems according to technology chiefs, lawmakers, and industry analysts.

The efforts to upgrade these systems are typically disrupted by budget restrictions, chronic talent shortages, and a consistent turnover of agency IT leaders. As a result, some of the vulnerabilities listed in the directive, issued by the Biden Administration, date back years in older versions of software from Microsoft Corp. and other large technology firms. Agencies that haven’t continually upgraded these and other applications may lack the necessary protections to avoid the kinds of organized, sophisticated, and widespread attacks that have crippled public- and private-sector systems in recent years.

The years of neglect have made a lot of agencies a major target for hackers – making cybersecurity and federal IT modernization efforts inextricably linked initiatives. The directive lists 290 known cybersecurity flaws and describes these flaws as bearing a significant risk to the federal enterprise. According to the directive, agencies were supposed to have addressed major security flaws by Wednesday, November 17th. Minor security flaws need to be addressed by May 3, 2022.

The Government Accountability Office’s IT and cybersecurity unit estimates that utilized software across the federal government is, on average, about seven years old –  including a 35 year old Transportation Department system that holds sensitive aircraft information and a nearly 50 year old system used by the Education Department to store student loan data. These older systems mean agencies are operating overly complicated IT infrastructure that is not only expensive to maintain, but difficult to fully protect. Not to mention, these agencies are completely relying on manual processes. 

Daniel Castro, vice president of the Information Technology and Innovation Foundation, stated “Instead of new policies, federal officials should create measures to gauge agency compliance with existing rules, while accelerating efforts to update legacy systems across the government. Newer systems tend to have more features that allow for remote management, and many cloud-based systems do not rely on users to manually deploy patches.” 

For more insights, read the full article here.

Point solutions and legacy tools will only hinder your organization. You need a simple, scalable solution that will provide the necessary data and insights needed to help improve your ITFM practice. Modernization is critical and Proven Optics is here to help. We have leveraged the ServiceNow platform to build flexible, purpose-built, commitment-based applications to modernize and automate legacy budget processes. Take the next step with us today and start running IT like a business. Learn more at