State government’s computers so primitive they’re tough to hack

State government’s computers so primitive they’re tough to hack

The hack of Sony Pictures by shadowy types believed associated with the North Korean government took another twist on Christmas Eve when Sony went ahead and released “The Interview” on YouTube after initially caving to hackers’ demands and scrapping plans for any release of the crude, Pyongyang-mocking comedy. But the hack still portends a new era in which large institutions are targeted not just to steal secrets but for other purposes — starting with embarrassment and manipulation.

So which sort of institution is particularly vulnerable? One would think the state of California because of its long history of incompetence in upgrading and installing computer systems.

old.computersThis is from a 2010 Sac Bee story about the state being unable to adjust paychecks to reflect fewer hours paid during a furlough:

“California’s payroll computer system is so old that it relies on programming language, Common Business Oriented Language, or COBOL, that was introduced in the late 1950s, popularized in the 1960s and 1970s, and is no longer routinely taught to programmers.

“’When I was studying computer science in India, in 1973, none of us wanted to study because it was considered old-fashioned back then,’” said Prem Devanbu, computer science professor at the University of California, Davis.

State agency overwhelmed by computer chores

This is from a Governing magazine story the same year:

Dale Jablonsky, who until August was CIO of the California Employment Development Department (EDD), knows the situation all too well. The EDD runs California’s unemployment insurance program, where caseloads skyrocketed during the current recession. As the economic downturn deepened, Congress repeatedly extended the length of time individuals could draw unemployment benefits.

“In all, federal lawmakers approved seven benefit extensions since the recession began — and each was a nightmare for the EDD. Every extension requires changes to several hundred interconnected computer programs in the EDD’s eligibility system. Those programs are written in common business oriented language (COBOL), an ancient programming language, and modifications must be hand-performed by increasingly rare — and expensive — COBOL experts.

“’It typically takes two to three weeks to implement changes, depending on how complex the federal legislation is,’ Jablonsky says. ‘Sometimes the legislation is so complex it takes five to six weeks to implement.’ Indeed, implementing one particularly complex piece of legislation in late 2009 required changes to 650 programs in the EDD system. The resulting delay in mailing unemployment checks made front-page news throughout the state … .”

COBOL not hospitable to hackers

Oddly enough, however, using a computer language invented in 1959 actually is a deterrent to hackers. Computer World explained why in 2000. COBOL is a …

… simple language that’s so easy to read, it’s impossible to hide malicious programs. A language for mainframe data locked securely behind tried-and-tested access controls like the Resource Access Control Facility (RACF), Top Secret and ACF2…. Checking code for malicious programs is easy in COBOL.

COBOL can be part of a larger security problem when programmers try to connect it with newer software that can be accessed over the Internet. But by itself, its backwardness is an asset.

So now the government in the state that’s home to Silicon Valley and the birth of the information technology revolution has a reason to remain trapped in the mid-20th century on its IT.

Merry Christmas!

3 comments

Write a comment
  1. bob
    bob 25 December, 2014, 09:05

    Chris, what are you doing working on Christmas day?

    Be like a pensioned trough feeder. For them every day is Christmas thanks to the taxpayers.

    Reply this comment
  2. Ulysses Uhaul
    Ulysses Uhaul 25 December, 2014, 11:51

    yawn.

    Reply this comment
  3. Ian
    Ian 26 December, 2014, 11:05

    While I’ll concede it is hard to insert malicious code since it is very English like. We had a program that when printed out, was an inch high and it was found that a block of the same code was repeated in it.

    Reply this comment

Write a Comment

Leave a Reply



Related Articles

CalWatchdog Morning Read – November 9

Supermajority eludes Democrats Ballot measure breakdown Congressional update Good morning. As you know, Donald Trump will be the next president

California GOP Never Learns

John Seiler: California desperately needs a competitive second party to challenge the mega-majority Democrats. Too bad the main alternative is

Unions Root Cause Of Prison Problem

Editor’s Note: We would like to welcome Joseph Perkins as a new CalWatchdog columnist. Perkins is the Business Editor for