Outdated systems hinder DoJ from responding to cyber threats in real time

Like many federal agencies, the Justice Department has an urgent need to modernize some of its outdated IT systems. The task falls under the purview of the agency chief information officer, and he’s more than ready to upgrade.

But how can an agency get started? Joe Klimavicz, DoJ CIO, said it starts with identifying which systems are considered legacy. Simple, right? Not so much.

“Assessing the extent of legacy systems is a challenging task given that the definition of legacy systems is not really clear or universally defined,” Klimavicz said on Legacy Systems month. “In my words, [a] legacy system [is] one that does not support the mission or can no longer be modernized or supported through standard support agreements.”

Modernizing a system is more than upgrading software. Sometimes software systems and hardware networking  applications have to be completely retired. Klimavicz said the department still has some outdated code that is running on newer, more  modern platforms.

Advertisement

“The old code has limitations and we’re in the process of modernizing that pretty much across the board,” he said. “It’s just a matter of how fast we can get there.”

It’s important to note that not all aging systems are unable to support digital or mobile cloud services. Not all code is necessarily bad. But an agency has to ensure the programs and applications they run are optimized for mobile.

Many do not have the same capabilities needed for a modern workforce that isn’t always in the office.

“The modern workforce just isn’t tied to a desktop,” Klimavicz said on Federal Drive with Tom Temin. “They’re on the go and they want everything to be accessible via mobile devices.”

Systems need to have the right amount of elasticity that allows them to connect with each other through the cloud. Outdated systems don’t just impact the mission within one agency, they also make it difficult to respond and share information across different agencies — whether that’s federal agencies, state or local.

When an agency moves to a digital environment, you have an opportunity to radically change the way you do business

“These legacy systems impact our ability to share information across organizations and typically have somewhat limited analytical capabilities to deliver timely and actionable information,” he said.

Management

In 2017, the Department retired more than 50 legacy systems in 2017.

For an agency as far flung as the Justice  Department, tracking all of those IT projects — especially those centered on development and modernization of legacy applications — requires a strong management overlay.

Klimavicz said DoJ has a top-to-bottom framework already in place to ensure the agency is making the correct investments.

One of the most important things to understand when an agency or business decides to modernize a system or process is where your costs are. Klimavicz said focusing on where the money is going allows the department the ability to make better decisions. Having one financial system makes that job easy, he said.

One superpower? Data centers. Justice currently operates with 30 data centers that ensure updates and cyber attacks are dealt with as quickly and efficiently as possible.

“You want to make sure that you can respond very rapidly to any kind of intrusions … or any kind of anomalous behavior. Because some of these things you have to respond to in seconds, or faster if you can,” Klimavicz said. “You also want to be able to do the analytics and the forensics very rapidly. I think of cybersecurity today [in] real time.”

He said all of the agency’s processes need to be upgraded in order to ensure they can be done in real-time. But how does the agency decide which processes or programs to modernize first?

“It starts with the mission need, but we’re focused on legacy systems with high-security risks that… or have high operating costs due to obsolete programming language,” he said. “The prioritization of mission impact [says] if the legacy system is not supporting the mission properly, then that’s something that gets elevated in terms of need.”

Klimavicz also outlined other criteria DoJ uses to decide which systems to modernize:

  • Aging systems in general;
  • Unsupported codes; and
  • Unsupported hardware.

“At the end of the day it’s all about doing everything we can to enable the mission so our priorities are always complimentary to supporting the mission,” he said. “And certainly as we modernize, we want to make sure we do that without impacting the mission.”

Where does the money come from? The department opted out of funds from the Modernization Government Technology Act passed last December. The Federal IT Acquisition Reform Act (FITARA) gave CIOs like Klimavicz the opportunity to control the agency’s IT investments.

He said instead they are working on a unified financial management system. Klimavicz’s goal for the system is to find where the new components can be migrated fairly easily into the one system.

“It’s certainly a multi-year effort to get to that.”