Letter to the editor

I would like to respond to Federal Computer Week's Sept. 25 article ["VA systems called 'open door'"] concerning the results of an audit performed by PricewaterhouseCoopers last year.

The article accurately covered the case as presented by VA's inspector general, but the office withheld some significant information. It gave the impression that someone sitting at a home computer could easily gain access to Veterans Benefits Administration systems. In fact, PricewaterhouseCoopers' personnel were given access to the system as directed.

That being said, there is no dispute that we have a lot of problems, which we are trying to address.

K. Adair Martinez was not in his position of VBA chief information officer at the time of the audit. Since her arrival at VBA, she has made network security a top priority and has been most supportive of the Network Intrusion Detection and Prevention pilot project under way at the Hines (Illinois) Benefits Delivery Center and Chicago Regional Office.

I am encouraged by the attention given to security by VA's new CIO, Edward Meagher, as reported in recent articles in Federal Computer Week. But as of yet, resources have been slow in coming from VA.

At a time when there has been a tremendous downsizing of personnel, we are only able to muster six technicians, including myself, to work on network security. Two of these folks are limited to anti-virus activities, and the rest of us have to divide our time between security and supporting the wide-area network environment.

The VA (and Congress) must realize that security is a 24/7 proposition and allow VBA to acquire the resources necessary to staff the security effort that is required.

Although the tools we are working with will allow a wide range of automated responses to perceived intrusion threats, trained personnel must be quickly available to evaluate any threat and deal with it to prevent a serious impact on the ability of VBA to do its mandated business.

The article made reference to susceptibility to fraud, but actual occurrences of fraud have involved claims examiners and others who had legitimate access to the systems they attempted to defraud. This is very much akin to having a bank teller or store cashier raid the cash drawer to which they would normally have access. The fraud cases cannot be detected through network security but must be dealt with by better supervision and auditing methods to detect and rectify such cases.

Although PricewaterhouseCoopers did not mention it, VBA has an exemplary record in dealing with e-mail virus attacks. The response to the first major attack (the "Melissa' virus) took some time to address. This was the first emergency nationwide distribution of Network Associates Inc.'s anti-virus updates. Learning quickly from the experience, the next attacks required only a couple of hours for this process to occur. These viruses were a nuisance but did no real damage to VBA.

We would like to extend this to the entire realm of network security, a challenging task given the new "open" environments of today, but not an impossible task if we are allocated the appropriate resources.

Larry Block

Senior analyst

Network security and support team

Systems Implementation Division, Hines Benefits Delivery Center

WRITE US

We welcome your comments.

To send a letter to the editor, e-mail us at letters@fcw.com. Please include your full name, title and a phone number for verification. We can withhold your name upon request.

Letters may be edited for clarity and for space constraints in the print version of FCW.

Featured

  • Defense
    The Pentagon (Photo by Ivan Cholakov / Shutterstock)

    DOD CIO hits pause on JEDI cloud acquisition

    Dana Deasy set cloud as his office's top priority. But when it comes to the JEDI request for proposal, he's directed staff to "pause" to compile a comprehensive review.

  • Cybersecurity
    By Gorodenkoff shutterstock ID 761940757

    Waging cyber war without a rulebook

    As the U.S. looks to go on the offense in the cyber domain, critical questions remain unanswered around who will take the lead and how clearly to draw the rules of engagement.

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Deadline extended for Rising Star nominations

    You now have until July 18 to help us identify the early-career innovators and change agents in government IT.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.