The Situation Report: Investigating VA Cybersecurity and 18F

situationReport-webLogo2

Follow The Money

A recent audit of the Department of Veterans Affairs’ 2015 financial statements uncovered more than a few problems with the department’s balance sheets. According to the independent public accounting firm CliftonLarsonAllen LLP, the review of VA’s financial statements revealed continuing material weaknesses in the agency’s IT security controls. Although the audit gives VA props for making progress on its Continuous Readiness in Information Security Program (CRISP), the department remains a disjointed mess when it comes to configuration management and access controls.

“We continue to identify significant technical weaknesses in databases, servers, and network devices that support transmitting financial and sensitive information between VA’s medical centers, regional offices, and data centers. This is as a result of an inconsistent application of vendor patches and outdated system software that could jeopardize the data integrity and confidentiality of VA’s financial and sensitive information,” the audit states.

Meanwhile, surveillance footage received by The Situation Report reveals another side to VA’s troubled Financial Management System (FMS)—manual madness. VA’s FMS “continues to require extensive manipulations, journal entries, manual processes, and reconciliations in order for VA to produce a set of auditable financial statements.”

Find The Money

My remote listening post concealed on the corner of 18th and F Street in downtown Washington, D.C., has picked up unconfirmed reports that the General Services Administration’s inspector general wants to know how the agency’s digital services consultants used about $200,000 worth of funding. The IG’s office would neither confirm nor deny it is conducting an investigation, but digital intercepts indicate that financial record keeping may not be a core competency at the corner of 18th and F.

Tackling The Tough Problems

It’s no secret that many of the most senior Federal IT leaders are concerned about the future of the government’s digital services. So we asked a few confidential informants to dig up proof that the newest Federal techies from Silicon Valley are ready, willing, and able to tackle government’s most difficult problems. Here’s what was left at one of our frequently used dead drops:

  • The best digital minds at 18F were so concerned about making people “feel bad” by using the word “guys” instead of “team,” that they customized Slackbot’s autoresponses to replace the words guys and guyz with more inclusive language. The customized Slackbot recommended the following:

Did you mean y’all?

Did you mean team?

Did you mean all?

Did you mean pals?

Did you mean gang?

Did you mean crew?

Did you mean people?

“Turns out, a little cultural hack can go a long way,” wrote 18F’s Front End Designer Maya Benari. “It’s easy to forget these things and say guys unconsciously, but a nice, friendly, automated reminder solves that issue, and reduces the need for any kind of person-to-person conversation.”

slackbot-replacing-guys-with-other-wordsIntercept some intelligence for The Situation Report? Send to dverton@meritalk.com.

 

 

Dan Verton
About Dan Verton
MeriTalk Executive Editor Dan Verton is a veteran journalist and winner of the First Place Jesse H. Neal National Business Journalism Award for Best News Reporting -- the highest award in the nation for business/trade journalism. Dan earned a Master's Degree in Journalism and Public Affairs from American University in Washington, D.C., and has spent the last 20 years in the nation's capital reporting on government, enterprise technology, policy and national cybersecurity. He’s also a former intelligence officer in the United States Marine Corps, has authored three books on cybersecurity, and has testified on critical infrastructure protection before both House and Senate committees.
4 Comments
  1. Anonymous | - Reply
    18Fs silly political correctness is precisely the kind of thing that's putting wind to Trump's sails. Many Federal employees would cheer if we stopped the tom foolery and focused on getting really work done.
  2. Anonymous | - Reply
    Every contractor working for the Federal government is required to track their time and 18F is no different. If this were are true private contractor they could end up with significant fines. Time will tell if this is just the tip of the iceberg in 18F transgressions of the law.
  3. Anonymous | - Reply
    Contractors working under a time and materials contract are required to track their time. If it's a firm fixed price contract their employer is under no obligation to report his or her employees' time to the government.
  4. Anonymous | - Reply
    Agree that the 18F employees take liberal leave to the extreme. Speaking to several consulting team members, they take pride to say they work throughout the night so they are allowed to start work when they start work. Under the guise of failing small and failing early, they waste money trying to reinvent the wheel. Not sure if it is possible to track all their behind the scene expenses to tinker with acquisitions, 18F isn't recuperating their costs. 18F was a good idea but lacked controls. Their leadership needs overhauling.

Leave a Reply


Archives