Letter to the editor

I would like to respond to Federal Computer Week's Sept. 25 article ["VA systems called 'open door'"] concerning the results of an audit performed by PricewaterhouseCoopers last year.

The article accurately covered the case as presented by VA's inspector general, but the office withheld some significant information. It gave the impression that someone sitting at a home computer could easily gain access to Veterans Benefits Administration systems. In fact, PricewaterhouseCoopers' personnel were given access to the system as directed.

That being said, there is no dispute that we have a lot of problems, which we are trying to address.

K. Adair Martinez was not in his position of VBA chief information officer at the time of the audit. Since her arrival at VBA, she has made network security a top priority and has been most supportive of the Network Intrusion Detection and Prevention pilot project under way at the Hines (Illinois) Benefits Delivery Center and Chicago Regional Office.

I am encouraged by the attention given to security by VA's new CIO, Edward Meagher, as reported in recent articles in Federal Computer Week. But as of yet, resources have been slow in coming from VA.

At a time when there has been a tremendous downsizing of personnel, we are only able to muster six technicians, including myself, to work on network security. Two of these folks are limited to anti-virus activities, and the rest of us have to divide our time between security and supporting the wide-area network environment.

The VA (and Congress) must realize that security is a 24/7 proposition and allow VBA to acquire the resources necessary to staff the security effort that is required.

Although the tools we are working with will allow a wide range of automated responses to perceived intrusion threats, trained personnel must be quickly available to evaluate any threat and deal with it to prevent a serious impact on the ability of VBA to do its mandated business.

The article made reference to susceptibility to fraud, but actual occurrences of fraud have involved claims examiners and others who had legitimate access to the systems they attempted to defraud. This is very much akin to having a bank teller or store cashier raid the cash drawer to which they would normally have access. The fraud cases cannot be detected through network security but must be dealt with by better supervision and auditing methods to detect and rectify such cases.

Although PricewaterhouseCoopers did not mention it, VBA has an exemplary record in dealing with e-mail virus attacks. The response to the first major attack (the "Melissa' virus) took some time to address. This was the first emergency nationwide distribution of Network Associates Inc.'s anti-virus updates. Learning quickly from the experience, the next attacks required only a couple of hours for this process to occur. These viruses were a nuisance but did no real damage to VBA.

We would like to extend this to the entire realm of network security, a challenging task given the new "open" environments of today, but not an impossible task if we are allocated the appropriate resources.

Larry Block

Senior analyst

Network security and support team

Systems Implementation Division, Hines Benefits Delivery Center


We welcome your comments.

To send a letter to the editor, e-mail us at [email protected]. Please include your full name, title and a phone number for verification. We can withhold your name upon request.

Letters may be edited for clarity and for space constraints in the print version of FCW.


  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

Stay Connected