COBOL-based system for $160B pension fund is a political football
An audit claims the system poses risks, but the office overseeing it calls it a dependable 'workhorse'
IDG News Service - A COBOL (common business oriented language)-based system used to support New York's $160 billion state pension fund has become the subject of controversy, with some officials claiming it poses a potential security risk and others defending it as "battle-tested," albeit set to be replaced.
Dubbed MEBEL (member, employer, benefits, executive and legal), the system dates back more than 25 years, according to an audit released earlier this month by the state Department of Financial Services. It "supports the core business processes of the retirement system including benefits processing, calculating and payment, employer billing and reporting, and enrollment and termination of membership," the audit adds.
"Using a system that is more than 25 years old for such a high volume of transactions is dangerous, particularly because the systems and programs MEBEL was intended to interface with are also now very outdated and there are a small and dwindling number of specialists able to use and maintain them," the audit states.
The audit also found that MEBEL had been using versions of IBM's z/OS mainframe operating system and Microsoft's SQL Server that were so out of date, they weren't supported by the vendors. While the state has upgraded SQL Server it won't do the same for z/OS until later this year, according to the audit.
"Software vendors do not create security patches or fixes for recently identified problems for software that is past their formal support end dates," it adds. "This lack of security and functionality protection leaves the retirement system's data vulnerable to bugs and to security breaches, including attacks by hackers."
The Department of Financial Services falls under the auspices of New York Governor Andrew Cuomo's administration, but the pension system is overseen by New York state Comptroller Thomas DiNapoli, who is elected separately and also serves as the state's auditor. The two have sparred politically over various issues in recent years, including DiNapoli's handling of the pension fund and Cuomo's budget proposals.
DiNapoli's office responded to the DFS audit on Friday, saying it contained "numerous inaccuracies, misleading statements and errors."
MEBEL is a "secure and battle-tested system" and COBOL is a "very stable language used extensively throughout state government as well as financial institutions around the world," the statement added.
A "reliable work horse," MEBEL has been "constantly maintained and updated," DiNapoli's office said. "None of the hardware or software used by the System is old. The mainframe was purchased in 2009 and the software is current. A stable computer system has a low risk of sudden and arbitrary failure."
Although COBOL dates back more than five decades, its time of invention is "irrelevant" in light of this ongoing maintenance, he added.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- 3 Steps for Enterprise Mobility Success: Strategy, Roadmap and Policy Having a mobile strategy is as essential as having a business plan or mission statement. A mobile strategy communicates to stakeholders, IT and...
- Enterprise Collaboration Strategy An Enterprise Collaboration Strategy will help organizations speed up innovation, better serve customers and quickly pivot to adopt rapidly changing Unified Communications &...
- Riverbed Stingray Application Firewall: Securing Cloud Applications with a Distributed Web Application Firewall Responsibility over IT security is moving away from the network and IT infrastructure and to the application and software architecture itself. IT organizations...
- The MDM advantage: Creating insight from big data To help enterprises create trusted insight as the volume, velocity and variety of data continue to explode, IBM offers several solutions designed to...
- The Software-Defined Data Center: Is your ADC ready? Data center transformation is accelerating beyond virtualization to next-generation cloud architectures and software-defined data centers, bringing new challenges for application performance, scalability and...
- Solving the Big Data Challenge of Sensor Data This webcast will focus on sensor data applications and IBM's differentiated offering to solve the IT challenges of sensor data for better business... All Enterprise Architecture White Papers | Webcasts