Defra 'confident' it has 'handle' on risk for 30% of apps out of support

The UK's department for farming and agriculture has said it is "confident" it is managing the risk related to a whopping 30 percent of its applications being out of vendor support.

The Department for Environment Food and Rural Affairs (Defra) has one of the biggest problems with legacy IT across all UK government departments, according to the National Audit Office (NAO).

The public spending watchdog found the £2.2-billion ($2.71 billion) budget department estimated that it needed to spend £726 million ($894 million) on legacy over the four-year period from 2021-22, the second largest legacy spend requirement after the Home Office. In a report published in December 2022 [PDF], the NAO also found 30 percent of these applications unsupported by the vendor.

Speaking to MPs last week, Tamara Finkelstein, the department's most senior civil servant, said that 20 percent of applications were in direct support, 50 percent in extended vendor support and 30 percent unsupported.

"[They are] out of support and therefore we have been unable to extend the support. We've got to monitor it and keep a much closer eye on it. We've got other suppliers supporting us to ensure that we can be supported if things go wrong. It is a really difficult position," she explained to the Public Accounts Committee, Parliament's spending watchdog.

She said that because the department had inherited so many satellite agencies, the situation may be worse than the NAO revealed, because there was "gray" IT the department's central function was unaware of.

"We've got some money to identify those and bring them into the fold. It's possibly slightly worse than described, but I feel confident that, by using our group approach and investing, we've got a handle on it, which is allowing us to manage the risk," she told MPs.

Chris Howes, Defra's chief digital and information officer, explained that internal tech teams, plus service providers including Capgemini and IBM were available if anything went wrong with an application. "As part of that 'hypercare', we carry out additional routine monitoring of those services. We're more acutely aware if there is an issue, and then we're able to quickly stand up support in the event of something happening to one of those applications."

The department has also received investment to upgrade its applications, although questions remain over whether it is enough.

Defra estimated that it needed to spend £726 million ($894 million) on legacy over the four-year period from 2021-22 and that it would take until 2030 to resolve all its legacy issues, according to the NAO.

• Software devs targeted as British tax authority makes fraud allegations
• University of Texas latest US school to ban TikTok
• We're just shouting into the void, says US watchdog offering cybersecurity advice
• Indian official reveals 'plan' to build a national mobile OS

However, in the spending review, HM Treasury agreed funding of £366 million ($450 million) for general digital investment across Defra Group for the three-year period.

Howes said: "The important difference is that while the legacy applications programme will bring things up to a supportable standard — hopefully, they won't fall over and won't be subject to [a] risk of cyber-attack — what that doesn't invest in is kind of broad or transformational change in those activities, such as removing paper forms, or, for example making applications available on mobile devices rather than on laptops."

The Animal health Agency's SAM, the system that records bovine TB, has only recently been upgraded. Prior to the upgrade, vets resorted to buying old laptops on eBay as it was the only way to log on to the system, Finkelstein, Defra's permanent secretary, admitted. ®