Veterans Affairs

VA stymied in trying to provide responses to Congress

Eric Shinseki

VA Secretary Eric Shinseki proposed expanding an IG audit to include congressional questions.

Congress keeps asking questions about data security at the Department of Veterans Affairs, but the VA hasn't come up with any answers yet. With another deadline coming this week, that appears unlikely to change -- the VA secretary's latest plan to get Congress the answers it seeks has been rejected by his own department's inspector general.

Beginning Oct. 23, the House Veterans Affairs Committee directed six formal inquiries totaling more than 100 questions to VA's Office of Information and Technology concerning IT security practices in relation to at least nine state-sponsored data breaches.

VA failed to respond to deadlines for the first three sets of congressional inquiries, a collection of 39 questions probing VA's adherence to the Information Technology Act of 2006, its safeguarding of veterans' personally identifiable information in accordance with privacy laws and the Health Information Technology for Economic and Clinical Health Act. Responses to those inquiries were due by 6 p.m. Nov. 6, 8 and 11, respectively.

Missed deadlines are nothing new for VA: The agency has more than 110 outstanding information requests dating back to June 2012.

VA Secretary Eric Shinseki came up with a plan to address this latest batch of inquiries, informing Rep. Mike Coffman (R-Colo.), chairman of the Subcommittee on Oversight and Investigations on Nov. 8 that he had asked the VA Office of Inspector General to expand its 2013 Federal Information Security Management Act audit to include the questions.

But in a Nov. 12 letter to Veterans Affairs Chairman Jeff Miller (R-Fla.), the VAOIG said it could not expand its 2013 audit work, which it described as "substantially complete" and due to the Office of Management and Budget in late November. VAOIG said it could potentially expand the scope of its FISMA work for VA in 2014, but would need to modify its existing contract for the work or pursue other acquisition strategies. The IG gave November 2014 as a possible date by which it could comply with the request, which, it acknowledged, "may not meet the Committee's timelines or the broad scope of your interests."

VAOIG's 2013 FISMA audit will be released publicly sometime in early 2014. Its 2012 FISMA audit was critical of VA, which did not remediate approximately 4,000 "outstanding system security risks" in its plans of action and milestones to "improve its overall information security posture." The report concluded material weakness still exists in VA's information security program.

Without VAOIG intervention, it remains unclear what course of action VA will take, but the latest congressional deadline will almost certainly be missed.

Sources within VA OIT told FCW that many of the questions contained sub-questions or required documentation, "making it more like 500 or 600 questions" that can be answered only by a team of about 20 of OIT's 8,000 employees.

Congress' vigor in probing VA's perceived IT security weaknesses comes following testimony from VA officials in June testimony regarding a series of data breaches that potentially put at risk private information such as Social Security numbers and names of more than 20 million veterans and their families.

The 2014 Federal 100

Get to know the 100 women and men honored this year for going above and beyond in federal IT.

Reader comments

Mon, Feb 17, 2014 David G Davis United States

When you look at massive department cover-ups you can look here first. Then, we can look at Congress, President, and of course our appointed Supreme Court Justices. How can any agency be held accountable when it can't be sworn in like our parental Department of Veterans Affairs? Let's cut to the chase here overhaul is what we need but not by our government officials. It needs to be done by the American people. Corruption in our government abounds because we let it.

Thu, Nov 28, 2013

"Stymied" is an interesting choice of words... I think that's nice of you actually. I'm sure it's more accurate to say our self-proclaimed security experts need time to make up a good story. Bring the VA CIO (or whatever they're calling him today) back in to testify, it's always fun to watch.

Sat, Nov 16, 2013

i believe our government has so much waste in it that our elected officials , don't want to resolve the problems , for it would probably interfear with their current social life style , and the perks they get. Being a vetran, who made a career out of the military and am now a federal employee, I have seen so much waste in federal spending , that it amazes me how our leaders don't want to regonize it or acknowledge it ocurring. I see people who are so afraid to report waste because of the reprecussions it would do to their careers. Whistle blowers are not protected no matter what our media tells us. When I have complained , I've been told to let it go and just be happy I have a job, at 60 . This is not a false statement. I think the whole system needs to be over-hauled. I can't run for any government office in this free country, because I don't have enough money to finance myself, and I'm not a socially respected person,. I live on the wrong side of the tracks. Our country was founded on equality but now it revolves on whose side your on.

Thu, Nov 14, 2013 OccupyIT

Wash, Rinse, Repeat. No one at VA IT can actually do the work required. They make excuses and create political committees to protect their personal fiefdoms. They know they can do this because they have never been held accountable - so why bother. We say its 'hard' to comply, as if that would be an acceptable excuse from the contractors they pretend to have oversight over. I'm pretty sure their management response would be, 'just do it!'. Funny how their perspective changes when someone tries to manage them. In this case their strategy is also effective because Congress has ADD and will wander off if VA just looks confused and bumbling long enough.

Thu, Nov 14, 2013 Lauren Price

Last summer, the VA "partnered" with the DAV and the VFW to create more Veteran Service Officers (VSO). Sixty (60) days later, disabled veterans across the country began receiving membership marketing packets from the DAV. (Membership is about $300 per vet, per year). We are looking into how they got that mailing list.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above