Federal Efforts to Update Old IT are Years Behind Schedule—We Looked at the Impacts of Delays

Each year, the federal government spends more than $100 billion to manage its IT systems, acquire new systems, or update old ones. Federal IT is used to help provide critical services—everything from health to the economy and national defense. But too frequently, efforts to replace old IT systems fail or are over budget and delayed.

Today’s WatchBlog post looks at our latest work on this issue—including how it impacts mission-critical systems across the government.

Department of Defense 1970s-era Air Force Strategic Automated Command and Control System, Still in Use in 2016

Image

Mission-critical systems, critical pitfalls

Federal agencies use IT systems to manage their day-to-day activities, as well as to provide services and funds to the public. Our new report looked at efforts to acquire 16 critical IT systems, most of which are replacing or modernizing legacy systems. We found that many of these efforts were at high risk of cybersecurity and privacy threats, technical challenges, or budget overruns. For example,

Student Aid. Federal student aid helps many college students pay for school. They apply for assistance through the Free Application for Federal Student Aid (FAFSA). In 2023, the Department of Education launched a new FAFSA application system that was meant to streamline the process and be more user-friendly. Instead, the launch was plagued by errors that affected about 30% of FAFSA forms. In January, Education officials reported that the agency had implemented changes to improve the user experience and streamline the completion of the FAFSA. Nevertheless, the school year is well underway and multiple technical issues remain that continue to make it harder for some students and their families to complete a FAFSA. Education has not yet determined when the new application system will be fully operational.

Delays in the Rollout of the Free Application for Federal Student Aid (FAFSA) Compared to Prior Years

Image

Air Traffic Control. Pilots, air traffic controllers, and other airport personnel currently communicate using systems that are, in some cases, more than 30 years old. Maintaining these systems is increasingly expensive and challenging, raising the safety risk of system outages. The Federal Aviation Administration’s previous attempt to update these systems failed in 2018. FAA subsequently began a new effort to replace its old voice communication systems, which it expects to finish in 2035.

Veterans’ Health. Veterans’ health records are currently stored in a system that is more than 30 years old. After three unsuccessful attempts to replace it between 2001 and 2018, VA initiated a fourth effort—an important step needed to keep up with advancements in electronic record keeping, as well as cybersecurity concerns. But in 2023, VA paused its efforts and announced plans to reset after clinicians and other users reported concerns during the initial rollout. More than a year later, VA has not yet determined when this important new system will be fully operational.

Passports and Visas. The Department of State (State) currently uses multiple legacy systems to process passport and visa applications. In 2018, State began efforts to replace these systems into one with new, user-friendly features like paperless applications. But these efforts have faced funding shortages. For example, during COVID-19, revenues from visa and passport application fees dropped. This has delayed replacement efforts.

These are just a few examples from the 16 mission-critical IT acquisition efforts we looked at. To learn more about the challenges and risks faced in other key acquisitions, check out our recent report.

Federal IT problems have been on our High Risk List for a decade. What’s changed?

While technology and cyber threats are rapidly evolving, the issues with updating federal IT are longstanding. This issue is so significant that in 2015, we added it to our High Risk List. We have made hundreds of recommendations about how to address the government’s aging IT and the risks that poses. And while agencies have taken action on many of these, more than 450 still need to be addressed.

Our new report—an update to our High Risk work—highlights three major IT acquisition and management challenges that need immediate action. These include,

• Strengthening oversight and management of IT portfolios
   
• Implementing mature IT acquisition and development practices
   
• Building federal IT capacity and capabilities

Without action in these areas, agencies will continue to struggle with efforts to replace old and outdated IT systems, resulting in acquisitions that either fail to deliver, are overbudget and behind schedule, or do little to help agencies achieve their missions.

To learn more about how federal agencies could address these challenges, read our new High Risk update.

• GAO’s fact-based, nonpartisan information helps Congress and federal agencies improve government. The WatchBlog lets us contextualize GAO’s work a little more for the public. Check out more of our posts at GAO.gov/blog.
   
• Got a comment, question? Email us at blog@gao.gov.