When Superstorm Sandy hit the New York space in 2012, components of New York Metropolis suffered a week-long blackout.
I used to be dwelling in Brooklyn on the time, and I used to be fortunate sufficient to have energy.
That meant that my house become a workspace for a half-dozen associates who had misplaced their energy.
Now, having a half-dozen associates crash at your house is enjoyable for a number of days. However in my expertise, the marginal utility begins to say no by round day 4…
Particularly if you understand there’s an opportunity they may by no means go away.
Final week, tens of tens of millions of individuals throughout Spain and Portugal had been confronted with the same downside when each international locations all of the sudden misplaced energy.
It was one of many worst blackouts in European historical past.
And as we mentioned in our final problem, one thing related may occur right here within the U.S. as a result of our energy grid is simply as weak.
It’s previous and wishes updating. It’s uncovered to excessive climate occasions like hurricanes and wildfires. And the combination of renewable vitality sources makes it vulnerable to massive energy fluctuations just like the one Spain simply skilled.
In the meantime, our grid is being strained by an growing demand for energy.
Sadly, that’s not the one huge infrastructure downside the U.S. is dealing with right now.
You see, the legacy software program nonetheless powering America’s air visitors management, transport logistics, protection techniques and even our hospitals is hanging on by a thread.
This downside might sound far much less apparent, however it’s equally as harmful. And until we tackle it quickly, it’s solely a matter of time earlier than there are critical penalties.
A Drawback That’s Tougher to See
The most important danger to our important infrastructure is buried deep in traces of code, written a long time in the past and patched collectively ever since.
In line with Synopsis/Black Duck’s 2025 Open Supply Safety and Danger Evaluation Report, the overwhelming majority of those fragile legacy techniques comprise at the least some open supply software program (OSS).
Supply: www.resilientcyber.io
However whereas the usage of OSS could be more cost effective and clear, the research discovered that 91% of the codebases reviewed had outdated OSS parts.
And 90% of them comprise parts which are greater than 10 variations behind essentially the most present model.
Which means they weren’t designed for the threats we face right now.
And that’s comprehensible when you think about the size of time it usually takes for presidency initiatives to get off the bottom.
By the point software program is carried out, it’s common for it to already be outdated.
And plenty of of those legacy techniques now not obtain updates or safety patches in any respect.
That’s why hospitals, air visitors networks, protection contractors and different areas of important infrastructure are such ripe targets for hackers.
For instance…
- The Wolf Creek nuclear energy plant in Kansas was the goal of Russian hackers again in 2017.
- The Colonial Pipeline hack in 2021 was the largest cyberattack on an oil infrastructure goal in U.S. historical past.
- And simply final 12 months, a China-linked state-sponsored group infiltrated main U.S. telecoms as a part of a cyberespionage marketing campaign.
But regardless of these main safety breaches, we nonetheless depend on software program written when Invoice Clinton was president.
In line with a current RSAC panel, some visitors techniques run on firmware from a number of a long time in the past, with little standardization and no centralized oversight.
Our water infrastructure is fractured into greater than 55,000 impartial districts, every with its personal growing old software program stack.
And the well being care sector isn’t faring a lot better.
A 2023 research confirmed that roughly 40% of open-source code utilized in medical software program comprises identified vulnerabilities…
Regardless that a single ransomware assault may completely shut down a hospital.
In any case, that’s what occurred to St. Margaret’s Well being in Spring Valley, IL.
Supply: wqad.com
It was hit with a ransomware assault in 2021 that disrupted the hospital’s skill to submit claims to insurers, Medicare or Medicaid for months.
These billing delays despatched St. Margaret’s right into a monetary spiral, and the 120-year-old hospital was compelled to close its doorways in 2023.
It was the primary time a hospital was shut down within the U.S. on account of a cyberattack. Nevertheless it probably received’t be the final…
If we fail to behave on our legacy software program points.
The Price of Doing Nothing
The issue with sustaining previous code is that it’s costly and inefficient.
Legacy techniques usually depend on outdated programming languages, customized {hardware} and a lack of understanding.
As the unique engineers retire, there’s nobody left who actually understands how every part suits collectively.
It’s like attempting to repair a crumbling bridge with out the unique blueprints… and whereas visitors remains to be working throughout it.
However right here’s the factor…
The longer we delay modernization, the extra we danger falling behind.
We’re already seeing it occur within the airline trade, the place legacy flight ops techniques at the moment are a serious cause for delays.
In line with the Division of Transportation, final 12 months over 22% of U.S. business flights arrived late.
And tarmac delays of over three hours had been up greater than 51% from the 12 months earlier than.
The airline trade loses an estimated $60 billion a 12 months from these disruptions. But, many carriers proceed counting on decades-old scheduling platforms as a result of changing them is seen as too dangerous or costly.
I imagine there’s a far larger danger in doing nothing.
The excellent news is that momentum appears to be constructing to do one thing about our legacy software program downside.
In January 2025, the Cybersecurity and Infrastructure Safety Company (CISA), in partnership with the Protection Superior Analysis Tasks Company (DARPA) and different authorities businesses, printed a report titled Closing the Software program Understanding Hole.
It acknowledges that almost all legacy techniques are so complicated, we now not absolutely grasp how they work.
The report highlights the dangers of this software program understanding hole to each nationwide safety and demanding infrastructure, and it recommends a broad, government-coordinated strategy to assist repair the issue.
One resolution is to spend money on rigorous software program evaluation strategies generally known as formal strategies that enable deep auditing throughout huge codebases.
Formally verified software program used to look inconceivable to do at scale, however advances over the previous decade have made it a lot simpler to make use of in on a regular basis improvement.
Naturally, AI is enjoying a component. It’s already serving to builders untangle and refactor legacy code.
In reality, in line with GitLab analysis, 34% of builders at the moment are utilizing AI to modernize legacy code.
That share will solely go up as AI continues to enhance.
By analyzing, testing and rewriting outdated software program, AI instruments ought to reduce the time and price of modernization considerably.
Right here’s My Take
The blackout in Spain and Portugal final week must be a wake-up name for all of us.
Not simply in regards to the vulnerabilities of our vitality grid however in regards to the software program that powers our important infrastructure.
As a result of the longer we rely on outdated code, the larger the possibility that one thing will break.
That’s why good cash is backing the businesses powering America’s digital rebuild.
As federal businesses and Fortune 500s start to improve their software program, corporations engaged on secure-by-design software program, AI-powered improvement instruments and formal verification ought to profit from America’s digital rebuild.
Members of my Strategic Fortunes service know this already.
At the start of final 12 months, I recognized an organization that’s serving to massive establishments map and modernize complicated legacy techniques, together with authorities infrastructure.
As of this morning, its inventory worth is up over 640% since my suggestion.
And as concern round this problem retains rising, we’ll probably see extra probabilities for related good points.
Regards,
Ian King
Chief Strategist, Banyan Hill Publishing
Editor’s Word: We’d love to listen to from you!
If you wish to share your ideas or strategies in regards to the Day by day Disruptor, or if there are any particular subjects you’d like us to cowl, simply ship an e-mail to dailydisruptor@banyanhill.com.
Don’t fear, we received’t reveal your full identify within the occasion we publish a response. So be happy to remark away!
