August 27, 2013, 4:01 PM — A COBOL (common business oriented language)-based system used to support New York's US$160 billion state pension fund has become the subject of controversy, with some officials claiming it poses a potential security risk and others defending it as "battle-tested," albeit set to be replaced.
Dubbed MEBEL (member, employer, benefits, executive and legal), the system dates back more than 25 years, according to an audit released earlier this month by the state Department of Financial Services. It "supports the core business processes of the retirement system including benefits processing, calculating and payment, employer billing and reporting, and enrollment and termination of membership," the audit adds.
"Using a system that is more than 25 years old for such a high volume of transactions is dangerous, particularly because the systems and programs MEBEL was intended to interface with are also now very outdated and there are a small and dwindling number of specialists able to use and maintain them," the audit states.
The audit also found that MEBEL had been using versions of IBM's z/OS mainframe operating system and Microsoft's SQL Server that were so out of date, they weren't supported by the vendors. While the state has upgraded SQL Server it won't do the same for z/OS until later this year, according to the audit.
"Software vendors do not create security patches or fixes for recently identified problems for software that is past their formal support end dates," it adds. "This lack of security and functionality protection leaves the retirement system's data vulnerable to bugs and to security breaches, including attacks by hackers."
The Department of Financial Services falls under the auspices of New York Governor Andrew Cuomo's administration, but the pension system is overseen by New York state Comptroller Thomas DiNapoli, who is elected separately and also serves as the state's auditor. The two have sparred politically over various issues in recent years, including DiNapoli's handling of the pension fund and Cuomo's budget proposals.
DiNapoli's office responded to the DFS audit on Friday, saying it contained "numerous inaccuracies, misleading statements and errors."
MEBEL is a "secure and battle-tested system" and COBOL is a "very stable language used extensively throughout state government as well as financial institutions around the world," the statement added.