It’s hard to muster the strength to talk about Windows XP anymore. In March 2014 it still held 30 percent of operating system marketshare, and now it’s down to 12 percent, which shows improvement but is still not zero. Don’t forget, XP is 14 years old. Organizations have encountered challenges as they work to eliminate XP from their networks, and (suprising no one) a recent audit shows that the Internal Revenue Service is struggling.
“Inadequate Early Oversight Led to Windows Upgrade Project Delays” is not a confidence-inspiring report title. And the findings of the audit are even more concerning. The IRS has spent $128 million in its attempt to upgrade all computers away from Windows XP and all servers away from Windows Server 2003. But when the Treasury Inspector General for Tax Administration, or TIGTA, conducted the audit between December 2014 and June 2015, about half of the agency’s servers and more than 1,000 computers still had not been upgraded.
“At the conclusion of our fieldwork, the IRS had not accounted for the location or migration status of approximately 1,300 workstations and upgraded only about one-half of its Windows servers,” the report explains. It’s a diplomatic way of saying that a bunch of computers were missing, whether they were hiding in plain sight or in a black-market parts exchange somewhere.
TIGTA offered some recommendations to the IRS’s chief technology officer, namely that he or she “ensure that all workstations have been adequately accounted for,” which you’d think would have already been a priority. But apparently not. The IRS responded that “it has accounted for all workstations that need to be upgraded.” So … great. But where were they before? And still the report says that:
Approximately 3,000 Windows 2003 servers continue to be delayed for upgrade. IRS officials informed us that they are uncertain this number is correct because when many of these servers were deployed, inventory controls were not in place and they are uncertain whether all of these servers are running the Windows 2003 version of the operating system.
TIGTA estimates that the IRS will spend $11 million more in 2015 on the initiative, bringing the project total to $139 million. And keep in mind that upgrading away from Windows XP and Windows Server 2003 just means moving to Windows 7 and Server 2008, operating systems that are themselves woefully outdated. The agency will have to do additional upgrades with a new budget to actually bring its systems into this decade.
Using legacy operating systems is a problem because it makes systems more vulnerable to hacks. And since the IRS stores valuable information about millions of people it’s especially important for the agency. Don’t forget that the agency disclosed a big data breach in May.
All of this is making the Navy’s disastrous upgrade process look a little better. Or maybe it’s just making every agency look worse.