Letter to the editor

I would like to respond to Federal Computer Week's Sept. 25 article ["VA systems called 'open door'"] concerning the results of an audit performed by PricewaterhouseCoopers last year.

The article accurately covered the case as presented by VA's inspector general, but the office withheld some significant information. It gave the impression that someone sitting at a home computer could easily gain access to Veterans Benefits Administration systems. In fact, PricewaterhouseCoopers' personnel were given access to the system as directed.

That being said, there is no dispute that we have a lot of problems, which we are trying to address.

K. Adair Martinez was not in his position of VBA chief information officer at the time of the audit. Since her arrival at VBA, she has made network security a top priority and has been most supportive of the Network Intrusion Detection and Prevention pilot project under way at the Hines (Illinois) Benefits Delivery Center and Chicago Regional Office.

I am encouraged by the attention given to security by VA's new CIO, Edward Meagher, as reported in recent articles in Federal Computer Week. But as of yet, resources have been slow in coming from VA.

At a time when there has been a tremendous downsizing of personnel, we are only able to muster six technicians, including myself, to work on network security. Two of these folks are limited to anti-virus activities, and the rest of us have to divide our time between security and supporting the wide-area network environment.

The VA (and Congress) must realize that security is a 24/7 proposition and allow VBA to acquire the resources necessary to staff the security effort that is required.

Although the tools we are working with will allow a wide range of automated responses to perceived intrusion threats, trained personnel must be quickly available to evaluate any threat and deal with it to prevent a serious impact on the ability of VBA to do its mandated business.

The article made reference to susceptibility to fraud, but actual occurrences of fraud have involved claims examiners and others who had legitimate access to the systems they attempted to defraud. This is very much akin to having a bank teller or store cashier raid the cash drawer to which they would normally have access. The fraud cases cannot be detected through network security but must be dealt with by better supervision and auditing methods to detect and rectify such cases.

Although PricewaterhouseCoopers did not mention it, VBA has an exemplary record in dealing with e-mail virus attacks. The response to the first major attack (the "Melissa' virus) took some time to address. This was the first emergency nationwide distribution of Network Associates Inc.'s anti-virus updates. Learning quickly from the experience, the next attacks required only a couple of hours for this process to occur. These viruses were a nuisance but did no real damage to VBA.

We would like to extend this to the entire realm of network security, a challenging task given the new "open" environments of today, but not an impossible task if we are allocated the appropriate resources.

Larry Block

Senior analyst

Network security and support team

Systems Implementation Division, Hines Benefits Delivery Center


We welcome your comments.

To send a letter to the editor, e-mail us at letters@fcw.com. Please include your full name, title and a phone number for verification. We can withhold your name upon request.

Letters may be edited for clarity and for space constraints in the print version of FCW.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.