New Scientist - USA (2020-11-07)


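And the strain is showing. A 2019 report
from the US Government Accountability
Office (GAO) identified 10 ageing “legacy”
federal IT systems whose creaking code is
expensive to maintain and increasingly
prone to serious failures or hacking. These
include those that underpin the federal Social
Security Administration, that keep the Air
Force’s planes battle-ready and even those
that operate major dams and power stations.
“Think about how many people, how much
infrastructure, how much capital is
downriver from a dam,” says Carol Harris
at the GAO, who wrote the report. “Imagine
if that were hacked or went offline and the
dam went through a catastrophic release.”

It isn’t just government bodies affected
by this. Last year, the UK Financial
Conduct Authority said it had received
853 notifications of IT outages at financial
institutions in 2018/19 – a dramatic increase
on the previous year as banks, trying to
compete with finance start-ups, raced to
add new features to their systems, some of
which have code dating back to the 1970s. In
the US in 2017, cybercriminals stole data on
148 million consumers from credit rating
agency Equifax. The company forked out
$700 million in fines and settlements and a
US House of Representatives report accused
it of relying on legacy systems with known
security risks. Ancient, sprawling legacy
systems have caused regular IT failures at
airlines in the US and elsewhere, too.

Fake it till you make it
Fixing the problem isn’t easy. When the
Commonwealth Bank of Australia replaced
its core COBOL platform with software
developed by the German company SAP in its
ABAP language in 2012, the switch took five
years and cost $750 million. The GAO report
highlighted a US Internal Revenue Service
system in urgent need of modernisation.
The upgrade would cost $1.6 billion, for
an operation normally requiring just
$5.5 million a year to run. “The payback
period on that is just huge,” says Harris. “This
is why, in many cases, you wind up with these
systems that just sit in the corner quietly and
diligently doing their job until they break.”

Then there is the risk factor. When the UK’s
TSB Bank attempted to upgrade to newer
banking software in 2018, many customers
were locked out of their accounts for a week,
costing the company £330 million and CEO
Paul Pester his job. Often, too, important
business rules that govern how a company
operates are embedded in software and, if
not properly documented, can be forgotten
as employees retire. “If you were to replace
the system you might actually lose that
corporate memory that is embodied in
that code,” says Scherlis.

That is why most “modernisation” efforts
in corporate IT focus on surface details, says
Tom Winstanley at NTT Data UK, which helps
upgrade legacy software. Rather than
updating core systems, many businesses
adopt a “fake it till you make it” approach
of adding new features such as e-commerce
websites or flashy web apps – like adding
new floors to a building that is crumbling
rather than repairing the foundations.

The coronavirus pandemic has laid bare
the short-sightedness of that approach, says
Winstanley. As entire workforces shift to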



A glitch in the science?

“Legacy code” (see main story)
is also a big problem in
academia, where old, poorly
maintained computer programs
can be prone to bugs that
throw off results, says
Caroline Jay, research director
at the UK-based Software
Sustainability Institute,
which advocates for better
programming training for
scientists.
Researchers have to write
software for everything from
data analysis to modelling
natural processes, but most
learn these skills in an ad hoc
way. They are perennially short
of money and time to properly
sustain their code. “Being a
scientist is a full-time job,” says
Jay. “It’s really difficult to be an
expert in both of those areas.”
The tendency to repurpose
code written by other
researchers can also cast a long
shadow. Last year, scientists
discovered a glitch in a tool
to predict nuclear magnetic
resonance spectra, a key
method used to characterise
chemicals. The tool, published
in a 2014 paper, gave different
results on different computer
operating systems.
The software has been
cited by other researchers
more than 150 times. It isn’t
clear how many of those
teams actually used the tool,
or how many results were
thrown out by the glitch.
