Cybersecurity in the government has certainly come into focus recently as we have witnessed sensitive document troves exposed on WikiLeaks along access to government information from transaction systems. Perhaps the most serious of the latter was the 2015 incident in which the Federal Human Resources database was hacked for more than 22 million records containing sensitive personal information such as Social Security numbers. In this incident the source of the problem was 30-year-old mainframe software written in COBOL that was too technically obsolete to encrypt personal information. This raised the discussion of legacy system security to a new level.
When it becomes apparent that legacy code must be replaced, modernization is often the best possible strategy. With code modernization it is possible to refine the original code and bring it up to modern practices, as well as integrating it with existing software. One of the problems with modernization, however, is that critical applications tend to have thousands of lines of code and a manual rewrite is often impossible. To re-create the software requires a project of similar magnitude to the original development; to leave most of the code intact as a “black box” and build around it results in numerous security issues and inefficiencies, as well as inability to leverage emerging technologies.
In addition to performing documentation, transformation, and refactoring tasks all in-house, TSRI offers the ability for partner organizations to tap into TSRI's ability to parse legacy applications into an intermediate model stage--what we call Common Model Exchange. This provides you with the ability to use your technology against applications written in any of the 32+ legacy languages that TSRI supports, at any stage during a code documentation, transformation, or refactoring project.
If you've ever seen the MUMPS language (used by many healthcare applications in the federal government), it's not the easiest language to understand. One of my colleagues describes it as looking like "a cat walked across the keyboard". Modules are represented by numbers, so "laboratory" might be 332 and "x-ray" might be 497. That's only the beginning.
Modernization of code demands a high degree of precision. It is absolutely critical that the reengineered software performs in the same manner as the original. This requires two things: a rigorous approach to code refactoring based upon tried principles which retain the underlying logic; and a well-planned and consistent program of testing to ensure that logic is preserved and improvements do not in any way alter the function of the code. Testing is vital. Companies need to be certain that their modernized critical software will perform according to exact the same rules as the original.
Enormous amounts of COBOL code have been created and relied upon for decades. It really is the bedrock of early computing. But now, ancient COBOL systems are challenged because the original assumptions under which the code was written are no longer valid. COBOL was designed as a robust business language to handle batch oriented database operations in an ACID environment. Today, these vital systems, including financial, security, transportation, and healthcare solutions continue to run. But access is changed, processing requirements have changed, and the availability of coders to understand, maintain, and augment the systems diminishes year-by-year.
The recent successful and attempted attacks on critical government legacy information systems at the Office of Personal Management and the IRS have provided a stark reminder of just how vulnerable these older systems are. Commercial systems are not immune to criminal and foreign agencies either, and in fact, may have more to lose in the near term in lost revenue, IP theft, negative branding, and the scandals lingering often for years. Sony, Anthem, Banner Health, Home Depot and many others can testify to this fact.