Interior signs up for Windows Server 2003 support
- By Adam Mazmanian
- Aug 28, 2015
Caught between a rock and a hard place, the Interior Department opted to sign on for extended maintenance for its Microsoft Windows Server 2003 licenses.
The agency's Bureau of Reclamation announced a one-year limited-source award to Microsoft reseller New Tech to support 100 licenses of Windows Server 2003. Interior made the award on a limited-source basis because of "urgent and compelling need," according to contracting documents posted on FedBizOpps on Aug. 21.
Windows Server 2003 ended its extended product-support phase on July 14, 2015, requiring organizations to sign up for what could be expensive support or go without software updates and patches.
"Due to recent cyberattacks on federal government IT systems, [the Office of Management and Budget and the Department of Homeland Security] have issued mandates for additional cybersecurity for all federal government IT systems, and assuming the risk of keeping these systems online without current patches is not a prudent or judicious option," the contracting documents state.
The value of the contract was not made public.
Interior's award comes on the heels of the hack of Office of Personnel Management data, which included exfiltration of personally identifiable information from a data center hosted by Interior. The agency's inspector general also recently issued a report that identified security weaknesses in public-facing websites, including those maintained by the Bureau of Reclamation.
Interior is by no means alone in relying on out-of-support tech. The Navy recently signed a $9.1 million contract with Microsoft to support legacy Windows systems, including Server 2003. The Treasury Department's Alcohol and Tobacco Tax and Trade Bureau recently announced a plan to sole-source Server 2003 support to Microsoft. Worldwide, 175 million websites are served from Server 2003-supported computers, according to a survey by Netcraft, an Internet services company based in England.
The risk of sticking with out-of-support systems depends on the sensitivity of work they support. "The risk on workstations is bad but not awful," Scott Montgomery, vice president and chief technology strategist at Intel Security, told FCW, GCN’s sister site. "Depending on what kind of data is on these old servers, the risk could be awful."
Despite the long lead time Microsoft has given users to plan for Windows Server 2003's obsolescence, organizations often don't move until it's too late. And migrating to newer systems or the cloud can be tricky for agencies. Legacy applications that run fine on Windows Server 2003 might have problems on a new operating system or in the cloud. Updates for legacy software might be harder to come by or more expensive than support for obsolete operating systems.
"For these large federal organizations," Montgomery said, "it's really painful to migrate. It sucks."
A longer version of this article originally appeared on FCW, a sister site to GCN.
Adam Mazmanian is executive editor of FCW.
Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.
Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.