Quick Hits for Nov. 5
*** The decision by the Department of Veterans Affairs to acquire the Cerner electronic health record system to create a fully interoperable data ecosystem with the Military Health System and the Department of Defense seemed like a slam dunk when it was announced by then-VA Secretary David Shulkin in May 2017. Since then, however, the effort has been delayed by contracting issues, Shulkin's ouster, reports of interference by a trio of President Donald Trump's Mar-a-Lago cronies and now management and personnel woes.
A Nov. 1 ProPublica report paints a picture of mismanagement and chaos that is hindering VA from onboarding qualified health technology and informatics professionals to handle the rollout of the Cerner system. Among the scoops, ProPublica reports that Sutter Health CIO Jonathan Manis was recruited to lead the $4 billion-plus Office of Information and Technology at VA – a Senate-confirmed post. Manis told ProPublica he opted not to move ahead with the job, because of uncertainty about who was really running VA. (The Senate Veterans Affairs committee recently advanced the nomination of James Gfrerer to serve as CIO, but his confirmation has been held up.)
Congress has been watching the effort with growing dismay. Members on both sides of the aisle complained at a September hearing of the House Veterans Affairs Committee that there was no single accountable individual charged with making sure the DOD and VA electronic health records systems were 100 percent interoperable, as has been promised by project leaders.
The health records project was listed as high risk with a CIO rating of 2 out of 5 on the September 2018 update on the federal IT dashboard. FY2018 spending on the $10 billion project was $782 million.
In August, Rep. Jim Banks (R-Ind.), the chairman of the new subcommittee devoted to oversight of the EHR modernization project, wrote to VA Secretary Robert Wilkie to express concern about the "deteriorating and rudderless leadership" of the EHR Modernization program. Banks asked Wilkie to prioritize hiring a chief health information officer "who possesses the requisite medical and technical knowledge and demonstrates managerial competency for such a large EHR transition," and the addition of a chief medical officer from the Veterans Health Administration to join the team.
*** A blockbuster Yahoo News report revealed that a secret CIA communications system used by foreign assets was compromised by adversaries including Iran and China, leading to the identification and execution of spies in both countries. The report, based on interviews with nearly a dozen former U.S. intelligence officials, said the initial breach of the system started in 2009 in Iran, where officials were able to suss out the existence of the system by deploying a double agent and by using "rudimentary" Googling techniques. While not explicitly stated in the story, the fact that the communications system was indexed by Google at all is a colossal failure on the part of its designers, as many cybersecurity and computer science experts have subsequently pointed out.
This technique allowed Tehran to monitor traffic to and from CIA websites to identify likely spies. U.S. officials believe some level of coordination between Tehran and Beijing led to the discovery of CIA's main communications system, which led to a mass purge and execution of U.S. assets in China between 2011 and 2012.
Comments from former intelligence officials suggest that the system was ad hoc, and not designed to be widely used. One former official told the Yahoo News reporters that "It was never meant to be used long term for people to talk to sources. The issue was that it was working well for too long, with too many people. But it was an elementary system."
*** Coping with a dearth of cyber talent is something government and private industry share, but for the Defense Information Systems Agency, a stubborn culture resistant to using new authorities in acquisition and hiring has further stymied rapid-hiring attempts. Vice Adm. Nancy Norton, DISA director and commander for the Joint Force Headquarters-Department of Defense Information Network, said the agency has been slow to adopt congressional hiring authorities, including the Cyber Excepted Service and an expansion of the number of billets in the program.
"Part of that is just the human nature; we know how to do things one way and so we keep doing them the same way," Norton said during a Nov. 1 speech at Fifth Domain's CyberCon in Arlington, Va. "Our traditional hiring methods, our traditional acquisition methods, are things that we're very comfortable with...and you have to get a very large personnel system to understand how to use a different system, and that just takes time."
The Defense Department overall plans to expand the Cyber Excepted Service personnel system for civilian IT and cyber defense workers. Additionally, the Pentagon expects to expand the excepted service to 8,300 positions, including the Defense Information Systems Agency and service cyber components, according to congressional testimony from Brig. Gen. Dennis Crall, the principal deputy cyber advisor and senior military advisor for cyber policy for the defense secretary's office.
Through traditional hiring avenues, it takes DISA about six to nine months to bring on new employees, which is partially due to the lengthy clearance process. Norton declined to go into detail but said DISA's work on the National Bureau of Investigations System will help speed up the clearance process.
Posted on Nov 05, 2018 at 12:32 AM