VA Buckles Down On Cyber Security, Program Management - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity
01:35 PM

VA Buckles Down On Cyber Security, Program Management

Agency refocuses IT priorities on data protection, on-time project delivery to overcome past poor performance.

5 Early Cloud Adopters In Federal Government
5 Early Cloud Adopters In Federal Government
(Click image for larger view and slideshow.)

The Department of Veterans Affairs has a checkered history successfully delivering major IT programs. But in recent years, VA officials claim it has taken major steps to keep technology efforts on time and within budget. These steps are important because of the department's mission to support veterans' healthcare and the need to provide efficient services despite ongoing technical challenges facing the agency.

To more effectively run and manage its IT programs, the VA has revamped how it delivers services and refocused its priorities, explained Stephen Warren, executive in charge and CIO of the VA's Office of Information Technology, at a recent briefing.

Warren noted that the VA's major IT priorities are protecting veterans' information, providing quality customer service, delivering IT products on time, reporting operational metrics, and managing financial resources. Above all, the department aims to be a "good steward" of veterans' data, he maintained. To do this, the VA has developed a structured defense-in-depth system to protect its data.

Continuous monitoring is one example. In 2013, the VA was the first government department to deploy the Einstein 3 continuous monitoring system to defend its networks, Warren said. The system, which is being deployed across the federal government, allows the VA to constantly keep track of activity on its networks, alerting administrators of an intrusion or other unusual activity in near-real-time. The VA has also installed additional systems to defend individual servers, desktops, and other systems within its enterprise, he said.

Stephen Warren

[Learn about another agency looking for new ways to protect resources. See Homeland Security Funds Software Security Initiative.]

Another major focus is on IT products and software. In 2009, the VA radically changed how it set up and ran software development programs, Warren said. If a project cannot be completed and ready within six months, the VA will not run it. This radically changed how the VA delivers products. Since this policy change, about 96% of all VA IT products are delivered on time, with a 4% loss rate, he said.

VA IT projects go through a series of milestones to keep on track. One major part of this process is that due dates are not flexible. "If the date slips, we don't change the [due] date -- that's what we hold folks to," Warren said.

As an example of how the VA sticks to this process, Warren noted that for 2014, the VA's on-time delivery rate was only 73% due to 2013's government shutdown. If the shutdown had not occurred, the project success rate would have been about 82%, he said.

One of the major lessons learned from this IT process is that if an organization allows project due dates to float, it lowers the probability of a team or contractor ever meeting its project goals, Warren said. "Time is the biggest enemy," he noted. Time is one reason the VA set its project delivery deadlines at six months or less. Program managers must declare before the six months are up whether they will meet or miss the delivery date. He emphasized that meeting deadline dates "is sacred to us."

But while the department has made progress in defending its data and streamlining how it manages IT programs, more needs to be done, Warren said. Part of this comes from the past legacy of embarrassing data breaches that had marred the VA's IT efforts in the past. To distance itself from that history, the VA is continuously evolving how it defends and manages its data.

There must be a consideration of the threat space and how progressive attacks are becoming more sophisticated, Warren explained. Although there have been intrusions into the VA's networks over the last year, he noted that these attempts did not succeed in pulling any data out. "As a large institution, we're always under threat."

There is also the need to meet and comply with the Federal Information Security Management Act and other security standards. But Warren cautioned it is important to understand that while complying with standards is very important, the department must be able to deliver benefits to veterans where and when they need them.

InformationWeek's new Must Reads is a compendium of our best recent coverage of project management. Learn why enterprises must adapt to the Agile approach, how to handle project members who aren't performing up to expectations, whether project management offices are worthwhile, and more. Get the new Project Management Must Reads issue today. (Free registration required.)

Henry Kenyon is a contributing writer to InformationWeek Government. He has covered Government IT and Defense markets since 1999 for a variety of publications including Government Computer News, Federal Computer Week, AFCEA's Signal Magazine and AOL Government. View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Pandemic Responses Make Room for More Data Opportunities
Jessica Davis, Senior Editor, Enterprise Apps,  5/4/2021
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Transformation, Disruption, and Gender Diversity in Tech
Joao-Pierre S. Ruth, Senior Writer,  5/6/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll