Maine ACES delivery of benefits

Information technology updates can have unexpected benefits.

Just ask the Maine Department of Health and Human Services.

The department had been using a mainframe-based system to process and deliver public-service benefits to its residents since the 1970s. The system was written in Cobol, and the technology that supported it was facing extinction, said Thomas Keyes, deputy director of DHHS' Office of Integrated Access and Support.

Apart from impending extinction, the old system had other problems. For example, if someone applied for Medicaid and food stamps, DHHS workers had to enter the client's information twice. The system couldn't calculate eligibility beyond limited algorithms for food stamps and Temporary Assistance for Needy Families. Staff members had to figure out eligibility status with pen and paper.

'It was pretty labor intensive,' Keyes said. 'We were long overdue for a new system.'

In 2000, the department sent out a request for proposals for a fully integrated Web system for all benefits eligibility programs.

Keane, an IT services provider acquired last year by Caritor, won the contract and began working with the state to build a new system from scratch. The Web-enabled system, called the Automated Client Eligibility System, or ACES, was implemented in September 2002.

'It was a huge conversion effort,' Keyes said. Only about 20 percent of the data needed to run ACES was available in the older system.

But the effort is paying off. The new state system has speeded delivery of benefits, reduced paperwork and determined eligibility more accurately.

It has been something of a double- edged sword, Keyes said. As a result of ACES' improved efficiency and more accurate assessment of clients' needs, the department's caseload has increased significantly. For example, before ACES, Maine had 60,000 households on food stamps; now it has 80,000.

ACES 'allows us to do an interactive interview with the person and directly enter their information into the system,' Keyes said.

' Trudy Walsh Utilities could be open to attack The movie 'Live Free or Die Hard' featured the concept of the Fire Sale, a fictional coordinated plan to shut down the critical infrastructure by attacking its computer systems.

The Hollywood depiction was sensationalized, but the basic plan of attack could be feasible, at least given the state of security on utility control systems, said Jerry Dixon, former acting director of the Homeland Security Department's National Cyber Security Division. He is now director of analysis at Internet security consulting firm Team Cymru.

Dixon, speaking at the SANS Security 2008 conference last week in New Orleans, said the control systems of utility companies, many in remote locales, are often controlled by dial-in modems, and their systems have outdated or nonexistent security and authentication technologies.

Those on a network could be sharing equipment with other less-sensitive systems and, hence, vulnerable to a crossover attack.

Also, control system management software tends to be poorly designed and filled with points of vulnerability.

Dixon cited an infrastructure vulnerability found last fall by the Energy Department's Idaho National Laboratory, in research work funded by DHS. The work demonstrated how a megawatt generator could be broken from afar by calling into the substation system and executing a number of malicious commands to alter the workflow logic of the generator.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above