How federal agencies can accelerate IT systems modernization with AI
AI can explain older programming languages, assist in developing new code and expedite vulnerability remediation.
Despite significant industry pressure, many public sector organizations still need to rely on decades-old legacy IT systems that can increase security risks and costs, cause personnel shortages, and slow development groups from delivering mission-critical applications.
Meanwhile, IT modernization can be a lengthy process, given the pervasiveness of memory-unsafe languages in these large systems. In fact, 70% of vulnerabilities may be due to legacy systems and memory-unsafe languages. This code can be difficult to decode and update to a modern memory-safe language.
Many legacy applications are massive and time- and resource-intensive to convert to new languages or modern application structures, which is why modernization initiatives are often deprioritized in government agencies. Developers require experience, deep knowledge of multiple languages, and, most crucially, the time to dedicate to modernization.
Last month, I wrote about the strategic opportunity ahead for public sector organizations to incorporate AI responsibly and sustainably. One way to begin actioning that opportunity is by using AI as a tool for modernization.
There are three key ways that agencies can introduce AI in their modernization efforts: explaining older programming languages, assisting in greenfield code development, and expediting vulnerability remediation.
Memory-safe roadmaps: A starting place
Government agencies are being encouraged to move to the cloud, but their legacy code is often decades old and written in a C-based language on monolithic architecture. CISA recommends that public sector organizations and software makers publish a memory safety roadmap, detailing how they plan to modernize their software development lifecycle. Replicating this process is a place for many agencies to start, with careful consideration for what details are published to avoid creating new targets for malicious actors.
It begins with a deep understanding of an agency’s inventory of applications and where they run. From there, agencies can proceed with understanding the associated languages, compute needs, and areas for improvement – tasks AI is particularly well suited to address.
Explaining and updating legacy code
A team of developers may not have insight into the legacy languages used in the code base, which makes deciphering the source code a daunting and time-consuming task. Developers can use AI to explain the existing code in natural language, and then generate new code in a memory-safe language.
The new code can then be architected to run on cloud infrastructure, utilizing microservices or other available compute resources. As a result, the streamlined code can perform the same function more efficiently, with faster runtime responses and new scalability.
In addition to updating legacy code, AI can be used to develop greenfield applications based on use cases or functions. Developers can use natural language for the required inputs and AI can develop frameworks and code blocks to support those functions, even writing significant portions of applications using modern architectures.
Vulnerability scanning and remediation
Security has become more of a shared responsibility between security professionals and developers than ever before. With the near-constant threat of bad actors targeting known vulnerabilities in applications and infrastructure, AI assistance can help teams drive more secure solutions faster.
Whether new code is being generated or not, AI can be used to analyze data patterns and user behavior, perform root cause analysis, automate security testing and analysis, and even implement fixes for vulnerabilities. This can help drive a rapid response to new threats, reducing the response time to new threats from hours to minutes. By lightening the workload of security teams and empowering developers to identify and mitigate vulnerabilities independently, AI enables stronger collaboration between the two teams.
As we enter 2024, the capabilities of AI are maturing rapidly, and predicting timelines can be difficult. However, we can take advantage of existing AI technologies to accelerate IT modernization efforts for government agencies – from code assistance and explanations to automated test creation, vulnerability explanations, and remediation assistance. The longer agencies maintain their legacy systems, the more risks they potentially incur.
Modernization provides a strategic opportunity to align AI capabilities with IT priorities. Leveraging AI to upgrade legacy systems and incorporate automation into government IT is low-risk and high-reward.
NEXT STORY: Unleashing 'Evidence 2.0'