State government’s computers so primitive they’re tough to hack

by Chris Reed | December 25, 2014 6:30 am

The hack of Sony Pictures by shadowy types believed associated with the North Korean government took another twist on Christmas Eve when Sony went ahead and released “The Interview” on YouTube after initially caving to hackers’ demands and scrapping plans for any release of the crude, Pyongyang-mocking comedy. But the hack still portends a new era in which large institutions are targeted not just to steal secrets but for other purposes — starting with embarrassment and manipulation.

So which sort of institution is particularly vulnerable? One would think the state of California because of its long history of incompetence in upgrading and installing computer systems.

old.computersThis is from a 2010 Sac Bee story about the state being unable to adjust paychecks to reflect fewer hours paid during a furlough:

“California’s payroll computer system is so old that it relies on programming language, Common Business Oriented Language, or COBOL, that was introduced in the late 1950s, popularized in the 1960s and 1970s, and is no longer routinely taught to programmers.

“’When I was studying computer science in India, in 1973, none of us wanted to study because it was considered old-fashioned back then,’” said Prem Devanbu, computer science professor at the University of California, Davis.

State agency overwhelmed by computer chores

This is from a Governing magazine story the same year:

Dale Jablonsky, who until August was CIO of the California Employment Development Department (EDD), knows the situation all too well. The EDD runs California’s unemployment insurance program, where caseloads skyrocketed during the current recession. As the economic downturn deepened, Congress repeatedly extended the length of time individuals could draw unemployment benefits.

“In all, federal lawmakers approved seven benefit extensions since the recession began — and each was a nightmare for the EDD. Every extension requires changes to several hundred interconnected computer programs in the EDD’s eligibility system. Those programs are written in common business oriented language (COBOL), an ancient programming language, and modifications must be hand-performed by increasingly rare — and expensive — COBOL experts.

“’It typically takes two to three weeks to implement changes, depending on how complex the federal legislation is,’ Jablonsky says. ‘Sometimes the legislation is so complex it takes five to six weeks to implement.’ Indeed, implementing one particularly complex piece of legislation in late 2009 required changes to 650 programs in the EDD system. The resulting delay in mailing unemployment checks made front-page news throughout the state … .”

COBOL not hospitable to hackers

Oddly enough, however, using a computer language invented in 1959 actually is a deterrent to hackers. Computer World explained why in 2000. COBOL is a …

… simple language that’s so easy to read, it’s impossible to hide malicious programs. A language for mainframe data locked securely behind tried-and-tested access controls like the Resource Access Control Facility (RACF), Top Secret and ACF2…. Checking code for malicious programs is easy in COBOL.

COBOL can be part of a larger security problem when programmers try to connect it with newer software that can be accessed over the Internet. But by itself, its backwardness is an asset.

So now the government in the state that’s home to Silicon Valley and the birth of the information technology revolution has a reason to remain trapped in the mid-20th century on its IT.

Merry Christmas!

Source URL: https://calwatchdog.com/2014/12/25/state-governments-computers-so-primitive-theyre-tough-to-hack/