Public sector initiatives to migrate to the Cloud often go hand in hand with overall efforts to modernize legacy applications and business processes.
Modernizing aged legacy IT applications in government is a pressing need driven by inefficiencies, security risks, and the demand for better service delivery.
These systems, often decades old, were built with outdated technologies like COBOL or mainframe architectures, making them costly to maintain, hard to integrate with modern tools, and ill-suited for today’s digital demands.
In the USA this is an especially mammoth challenges. The U.S. federal government spends over $100 billion annually on information technology (IT), with approximately 70-80% of that budget allocated to operating and maintaining existing systems, many of which are classified as “legacy.”
These systems are often outdated, relying on obsolete programming languages (e.g., COBOL), unsupported hardware, or software no longer patched by vendors. They support critical missions across agencies like the IRS, Department of Defense (DoD), Social Security Administration (SSA), and others, yet they pose risks due to security vulnerabilities, high maintenance costs, and inefficiencies.
Key Legacy Applications Identified by GAO (as of Recent Reports)
In a 2019 GAO report titled “Information Technology: Agencies Need to Develop Modernization Plans for Critical Legacy Systems” (updated in subsequent testimonies, e.g., May 2023), the GAO identified 10 critical federal IT legacy systems deemed most in need of modernization. While not all systems are named publicly in granular detail due to sensitivity, the report provides examples and characteristics.
Below is a synthesis of these systems, their roles, and estimated costs, supplemented by broader context where specific updates are unavailable:
| Application | Description | Status / Issues | Estimated Maintenance Costs |
| Internal Revenue Service (IRS) – Individual Master File (IMF) | The IMF is a core tax-processing system, dating back to the 1960s. It handles individual taxpayer accounts and is written in COBOL and assembly language. | Still operational as of 2023, with modernization efforts underway (e.g., the Customer Account Data Engine, CADE 2, is gradually replacing parts of it).
Uses outdated languages, struggles with high transaction volumes, and has known security vulnerabilities. |
Approximately $40-50 million annually (part of the IRS’s broader legacy IT budget, which exceeds $300 million yearly for multiple systems). |
| Department of Defense (DoD) – Mechanization of Contract Administration Services (MOCAS) | Initiated in 1958, MOCAS manages contract payments for the DoD. It’s one of the oldest systems still in use, relying on COBOL. | Operational with modernization plans in progress but not fully implemented as of 2023.
Unsupported hardware components and a shrinking pool of COBOL programmers increase costs and risks. |
Around $20-30 million per year. |
| Social Security Administration (SSA) – Title II Systems | Manages Social Security benefit payments, with components dating to the 1970s and 1980s, heavily reliant on COBOL. | Partially modernized, but legacy elements persist as of 2023.
Aging infrastructure and difficulty integrating with modern systems. |
Approximately $50 million annually. |
| Department of Transportation (DoT) – Hazardous Materials Information System (HMIS) | Tracks hazardous materials data, with roots in the 1980s. | Lacks a complete modernization plan as of May 2023 (per GAO).
Outdated software and incomplete documentation hinder upgrades. |
Around $10-15 million per year. |
| Office of Personnel Management (OPM) – Retirement Systems Modernization (RSM) Legacy Components | Manages federal employee retirement benefits, with legacy parts from the 1980s. | Modernization stalled; incomplete plans noted by GAO in 2023.
Known security vulnerabilities and high operational costs. |
Estimated at $15-20 million per year. |
| Department of Homeland Security (DHS) – Immigration and Customs Enforcement (ICE) Systems | Legacy elements of ICE’s case management and tracking systems, some from the 1990s. | Operational with partial upgrades.
Integration challenges with newer platforms. |
Approximately $20-25 million annually. |
| Small Business Administration (SBA) – Loan Management Systems | Manages loan processing, with components from the 1980s and 1990s. | Modernization in progress but not complete.
Relies on unsupported software. |
Around $10-15 million annually. |
| Department of the Treasury – Treasury Enforcement Communications System (TECS) Legacy Parts | Supports law enforcement data sharing, with origins in the 1980s. | Partially modernized; legacy components remain.
Security risks and high maintenance overhead. |
Approximately $25-30 million per year. |
| Department of the Interior – Financial and Business Management System (FBMS) Legacy Elements | Manages financial operations, with older subsystems from the 1990s. | Operational with ongoing modernization.
Compatibility and scalability limitations. |
Around $15-20 million annually. |
| Department of Defense (DoD) – Defense Logistics Agency (DLA) Legacy Systems | Includes supply chain management systems like the Standard Automated Materiel Management System (SAMMS), dating to the 1970s. | Still in use with gradual replacement efforts.
Obsolete hardware and software increase costs. |
Approximately $30-40 million per year. |
Total Estimated Maintenance Costs
The GAO reported that these 10 critical legacy systems collectively cost about $337 million annually to operate and maintain as of their 2019 assessment.
Adjusting for inflation and incremental cost increases (e.g., rising labor costs for rare skills like COBOL programming), this figure likely exceeds $350-400 million in 2025, though exact current costs depend on modernization progress and agency-specific budgets.
This estimate covers only these 10 systems; the government operates hundreds of other legacy systems, pushing total maintenance costs into the billions when factoring in the broader 80% of the $100 billion IT budget ($80 billion) spent on operations and maintenance.
Broader Context and Trends
- Age Range: These systems range from 8 to over 50 years old, with some components (e.g., in MOCAS) predating modern computing paradigms.
- Languages and Tech: COBOL, assembly, and unsupported platforms (e.g., old IBM mainframes) dominate, complicating maintenance.
- Modernization Efforts: As of May 2023, six of the ten agencies had implemented GAO recommendations for modernization plans, but DoT and OPM lagged. By 2025, further progress may have occurred, though full replacement remains slow.
- Risks: Security vulnerabilities, lack of vendor support, and a shrinking talent pool (e.g., average COBOL programmer age is 58) drive up costs and risks.
Challenges in Pinpointing Exact Current Systems
- Dynamic Nature: Agencies continuously retire, replace, or patch systems, so the list evolves. For instance, the IRS’s IMF has seen partial modernization via CADE 2, but legacy components persist.
- Limited Public Data: Detailed, real-time inventories are classified or not fully disclosed for security reasons.
- Budget Aggregation: Costs are often reported in aggregate (e.g., IRS IT budget) rather than per system, requiring estimates.
Conclusion
As of March 3, 2025, the U.S. government continues to operate critical legacy applications like the IRS’s IMF, DoD’s MOCAS, and SSA’s Title II systems, among others identified by the GAO.
These 10 systems alone cost an estimated $350-400 million annually to maintain, a figure dwarfed by the broader $80 billion spent yearly on all legacy IT maintenance. Modernization efforts are underway, but the pace is uneven, leaving taxpayers footing a hefty bill for outdated, risky technology.
