The Situation Report: Investigating VA Cybersecurity and 18F
Follow The Money
A recent audit of the Department of Veterans Affairs’ 2015 financial statements uncovered more than a few problems with the department’s balance sheets. According to the independent public accounting firm CliftonLarsonAllen LLP, the review of VA’s financial statements revealed continuing material weaknesses in the agency’s IT security controls. Although the audit gives VA props for making progress on its Continuous Readiness in Information Security Program (CRISP), the department remains a disjointed mess when it comes to configuration management and access controls.
“We continue to identify significant technical weaknesses in databases, servers, and network devices that support transmitting financial and sensitive information between VA’s medical centers, regional offices, and data centers. This is as a result of an inconsistent application of vendor patches and outdated system software that could jeopardize the data integrity and confidentiality of VA’s financial and sensitive information,” the audit states.
Meanwhile, surveillance footage received by The Situation Report reveals another side to VA’s troubled Financial Management System (FMS)—manual madness. VA’s FMS “continues to require extensive manipulations, journal entries, manual processes, and reconciliations in order for VA to produce a set of auditable financial statements.”
Find The Money
My remote listening post concealed on the corner of 18th and F Street in downtown Washington, D.C., has picked up unconfirmed reports that the General Services Administration’s inspector general wants to know how the agency’s digital services consultants used about $200,000 worth of funding. The IG’s office would neither confirm nor deny it is conducting an investigation, but digital intercepts indicate that financial record keeping may not be a core competency at the corner of 18th and F.
Tackling The Tough Problems
It’s no secret that many of the most senior Federal IT leaders are concerned about the future of the government’s digital services. So we asked a few confidential informants to dig up proof that the newest Federal techies from Silicon Valley are ready, willing, and able to tackle government’s most difficult problems. Here’s what was left at one of our frequently used dead drops:
- The best digital minds at 18F were so concerned about making people “feel bad” by using the word “guys” instead of “team,” that they customized Slackbot’s autoresponses to replace the words guys and guyz with more inclusive language. The customized Slackbot recommended the following:
Did you mean y’all?
Did you mean team?
Did you mean all?
Did you mean pals?
Did you mean gang?
Did you mean crew?
Did you mean people?
“Turns out, a little cultural hack can go a long way,” wrote 18F’s Front End Designer Maya Benari. “It’s easy to forget these things and say guys unconsciously, but a nice, friendly, automated reminder solves that issue, and reduces the need for any kind of person-to-person conversation.”
Intercept some intelligence for The Situation Report? Send to dverton@meritalk.com.