Rocky
15-12-06, 11:36
Proponent of IT centralization declares victory at the VA
By Daniel Pulliam
dpulliam@govexec.com (dpulliam@govexec.com)
Eight months after the largest data breach in government history, the outgoing chairman of the House Veterans Affairs' Committee is declaring victory in the battle to centralize the massive information technology infrastructure at the Veterans Affairs Department.
In a press conference Wednesday with VA Secretary James Nicholson, Rep. Steve Buyer, R-Ind., said the new structure will not necessarily prevent future security lapses, but will empower "agents of change" to transform the department's culture so that sensitive personal information is treated with greater care.
With the decision to move the department's IT development personnel under the authority of the chief information officer, the VA is the first federal agency to implement a truly centralized IT management model, Buyer said. He added that it will be the envy of other department IT officials.
"Some of the CIOs in other departments are already talking to the VA CIO [Bob Howard] to ask, 'What did you do? How did you do it?' " Buyer said.
He said agencies will not centralize their IT infrastructure on their own and that such moves require the chairman of the agency's congressional oversight panel to take interest. "They also need to get squeezed by [the Office of Management and Budget]," Buyer said.
The VA's IT reorganization has given the technology chief "almost everything he ever asked for," Buyer said. "Unfortunately, it takes a bad incident to implement change."
Before the May 2006 data breach, which put at risk the identities of more than 26.5 million veterans and active duty members of the military, the VA was moving toward a "federated model" of IT management. This would have allowed the VA's three administrations to maintain control over IT application development.
But after eight hearings by Buyer's committee, the resignation of two senior VA officials who opposed centralization and a recommendation from IBM officials helping to implement the reorganization, the VA elected to move IT developers under the authority of the CIO. The developers will be detailed to the CIO Monday, and the move is expected to be made permanent in April 2007, Buyer said.
Legislation sponsored by Buyer that would have legally mandated the centralization of the VA's IT passed the House in November 2005, but the bill never made it out of the Senate Veterans' Affairs Committee because of concerns that it would hamper the VA's ability to provide services to veterans.
A second bill introduced by Buyer in July 2006 also mandated the centralization of the VA's IT management structure, but after passing the House, the legislation failed to gain Senate acceptance.
Compromise legislation included in a broad VA bill (S. 3421) that passed both chambers of Congress early Saturday morning requires the VA to provide notification to people affected by a data breach, deliver reports to Congress, issue fraud alerts, conduct an independent risk analysis of data breaches and provide credit monitoring services and identity theft insurance.
Buyer also praised Nicholson for showing leadership after the data breach was discovered.
The secretary said the new emphasis on IT security has caused embarrassment for some VA employees and it will be reflected in their performance reviews, which will affect their compensation.
---------------
Buyer press release here...
http://www.vawatchdog.org/housecvanews/housecvanews12-13-06.htm (http://www.vawatchdog.org/housecvanews/housecvanews12-13-06.htm)
Press release below:
---------------
P R E S S R E L E A S E
Wednesday December 13, 2006
Buyer: VA information technology centralization helps veterans and families
Washington, D.C. — House Committee on Veterans’ Affairs Chairman Steve Buyer (R-Ind.) today hailed the decision by Veterans Affairs Secretary R. James Nicholson to fully centralize management of information technology (IT) systems and security at the department.
The decision complements S. 3421, a bill recently passed in the House and Senate that directs VA to provide breach notification to individuals, reports to Congress, fraud alerts, data breach analysis, credit monitoring services and identity theft insurance, among other provisions.
Nicholson has directed the establishment of a departmental IT management system under the authority of VA’s assistant secretary for information and technology, also designated as the department’s chief information officer (CIO).
“Nearly a decade of committee oversight, including 16 hearings, is paying off with Secretary Nicholson’s commendable decision to centralize the management of VA’s information technology and security systems,” Buyer said.
Under the plan, more than 5,000 IT personnel are being reassigned to the CIO from VA’s health, benefits, and memorial affairs administrations, where they have proliferated in a decentralized approach. Operations and maintenance personnel were permanently reassigned in October; development personnel will be permanently reassigned by April 2007. Decentralization was widely condemned by the Congress and private-sector experts after a massive data compromise in May.
“Over the past several months, VA has made measurable progress in centralizing control of our information technology systems and bolstering cyber and information security,” Secretary of Veterans Affairs Jim Nicholson said. “As reform and reorganization continues, the result will be a system that is more accountable and better serves veterans. I thank Congressman Buyer for his partnership in helping VA move closer to its goal of becoming the ‘gold standard’ in data security. Congressman Buyer shares VA’s commitment to making our systems more effective and efficient, and his leadership is appreciated.”
The plan addresses most of the committee’s concerns, which peaked this summer after a laptop and hard drive containing sensitive personal data belonging to 26.5 million veterans and their family members, and 2.2 million active-duty servicemembers and their family members was stolen from a VA employee’s home. The equipment was recovered and an FBI investigation determined no data had been stolen. Nonetheless, the loss helped crystallize resolve to conduct reforms along the lines championed by Buyer and the committee.
The centralization decision also supports a presidential executive order to federal agencies requiring them to improve the quality and efficient delivery of health care by, in part, better use of IT resources. VA’s existing decentralized system could not fulfill the president’s intent.
“Secretary Nicholson has responded to the concerns and recommendations of Congress, best practices of private-sector technology firms and government agencies, and the president’s intent to improve government efficiency. His bold action will significantly improve the ability of VA to provide veterans with safer, quality care and quicker benefits delivery,” Buyer said.
“The VA under Secretary Nicholson’s leadership and foresight will lead the federal government by being the IT benchmark for all other departments and agencies,” Buyer said. “Veterans and their families will be better served by the secretary’s good managerial sense.”
By Daniel Pulliam
dpulliam@govexec.com (dpulliam@govexec.com)
Eight months after the largest data breach in government history, the outgoing chairman of the House Veterans Affairs' Committee is declaring victory in the battle to centralize the massive information technology infrastructure at the Veterans Affairs Department.
In a press conference Wednesday with VA Secretary James Nicholson, Rep. Steve Buyer, R-Ind., said the new structure will not necessarily prevent future security lapses, but will empower "agents of change" to transform the department's culture so that sensitive personal information is treated with greater care.
With the decision to move the department's IT development personnel under the authority of the chief information officer, the VA is the first federal agency to implement a truly centralized IT management model, Buyer said. He added that it will be the envy of other department IT officials.
"Some of the CIOs in other departments are already talking to the VA CIO [Bob Howard] to ask, 'What did you do? How did you do it?' " Buyer said.
He said agencies will not centralize their IT infrastructure on their own and that such moves require the chairman of the agency's congressional oversight panel to take interest. "They also need to get squeezed by [the Office of Management and Budget]," Buyer said.
The VA's IT reorganization has given the technology chief "almost everything he ever asked for," Buyer said. "Unfortunately, it takes a bad incident to implement change."
Before the May 2006 data breach, which put at risk the identities of more than 26.5 million veterans and active duty members of the military, the VA was moving toward a "federated model" of IT management. This would have allowed the VA's three administrations to maintain control over IT application development.
But after eight hearings by Buyer's committee, the resignation of two senior VA officials who opposed centralization and a recommendation from IBM officials helping to implement the reorganization, the VA elected to move IT developers under the authority of the CIO. The developers will be detailed to the CIO Monday, and the move is expected to be made permanent in April 2007, Buyer said.
Legislation sponsored by Buyer that would have legally mandated the centralization of the VA's IT passed the House in November 2005, but the bill never made it out of the Senate Veterans' Affairs Committee because of concerns that it would hamper the VA's ability to provide services to veterans.
A second bill introduced by Buyer in July 2006 also mandated the centralization of the VA's IT management structure, but after passing the House, the legislation failed to gain Senate acceptance.
Compromise legislation included in a broad VA bill (S. 3421) that passed both chambers of Congress early Saturday morning requires the VA to provide notification to people affected by a data breach, deliver reports to Congress, issue fraud alerts, conduct an independent risk analysis of data breaches and provide credit monitoring services and identity theft insurance.
Buyer also praised Nicholson for showing leadership after the data breach was discovered.
The secretary said the new emphasis on IT security has caused embarrassment for some VA employees and it will be reflected in their performance reviews, which will affect their compensation.
---------------
Buyer press release here...
http://www.vawatchdog.org/housecvanews/housecvanews12-13-06.htm (http://www.vawatchdog.org/housecvanews/housecvanews12-13-06.htm)
Press release below:
---------------
P R E S S R E L E A S E
Wednesday December 13, 2006
Buyer: VA information technology centralization helps veterans and families
Washington, D.C. — House Committee on Veterans’ Affairs Chairman Steve Buyer (R-Ind.) today hailed the decision by Veterans Affairs Secretary R. James Nicholson to fully centralize management of information technology (IT) systems and security at the department.
The decision complements S. 3421, a bill recently passed in the House and Senate that directs VA to provide breach notification to individuals, reports to Congress, fraud alerts, data breach analysis, credit monitoring services and identity theft insurance, among other provisions.
Nicholson has directed the establishment of a departmental IT management system under the authority of VA’s assistant secretary for information and technology, also designated as the department’s chief information officer (CIO).
“Nearly a decade of committee oversight, including 16 hearings, is paying off with Secretary Nicholson’s commendable decision to centralize the management of VA’s information technology and security systems,” Buyer said.
Under the plan, more than 5,000 IT personnel are being reassigned to the CIO from VA’s health, benefits, and memorial affairs administrations, where they have proliferated in a decentralized approach. Operations and maintenance personnel were permanently reassigned in October; development personnel will be permanently reassigned by April 2007. Decentralization was widely condemned by the Congress and private-sector experts after a massive data compromise in May.
“Over the past several months, VA has made measurable progress in centralizing control of our information technology systems and bolstering cyber and information security,” Secretary of Veterans Affairs Jim Nicholson said. “As reform and reorganization continues, the result will be a system that is more accountable and better serves veterans. I thank Congressman Buyer for his partnership in helping VA move closer to its goal of becoming the ‘gold standard’ in data security. Congressman Buyer shares VA’s commitment to making our systems more effective and efficient, and his leadership is appreciated.”
The plan addresses most of the committee’s concerns, which peaked this summer after a laptop and hard drive containing sensitive personal data belonging to 26.5 million veterans and their family members, and 2.2 million active-duty servicemembers and their family members was stolen from a VA employee’s home. The equipment was recovered and an FBI investigation determined no data had been stolen. Nonetheless, the loss helped crystallize resolve to conduct reforms along the lines championed by Buyer and the committee.
The centralization decision also supports a presidential executive order to federal agencies requiring them to improve the quality and efficient delivery of health care by, in part, better use of IT resources. VA’s existing decentralized system could not fulfill the president’s intent.
“Secretary Nicholson has responded to the concerns and recommendations of Congress, best practices of private-sector technology firms and government agencies, and the president’s intent to improve government efficiency. His bold action will significantly improve the ability of VA to provide veterans with safer, quality care and quicker benefits delivery,” Buyer said.
“The VA under Secretary Nicholson’s leadership and foresight will lead the federal government by being the IT benchmark for all other departments and agencies,” Buyer said. “Veterans and their families will be better served by the secretary’s good managerial sense.”