VA's CIO takes over bureaus' systems

'There are folks who don't think [the IT realignments at VA are] necessary, and there are folks who think' they are.

'CIO John A. Gauss

Ricky Carioti

With expanded authority over the systems domain of the Veterans Affairs Department, CIO John A. Gauss has identified two initial priorities: cybersecurity and IT investment oversight.

Gauss, a retired Navy rear admiral, has been the VA's assistant secretary for information and technology since last summer. But until last month, he had little sway over the CIOs in the department's bureaus: the Veterans Benefits, Veterans Health and National Cemetery administrations.

That all changed Aug. 6, when VA secretary Anthony Principi called for the department to centralize its IT program. The bureaus' CIOs'K. Adair Martinez of VBA, Gary Christopherson of VHA and Joseph Nasari of NCA'now are deputies reporting to Gauss. Revamping the department's IT structure takes effect Oct. 1.

'You are going to see some changes in the lines of authorities,' Gauss said.

An initial major change will be in cybersecurity. Gauss said the systems security staffs at VA headquarters and its three major agencies will work in one office under Bruce Brody, associate deputy assistant secretary for cybersecurity.

Each administration now has its own cybersecurity staff that coordinates loosely with the others, Gauss said.

To make security changes as quickly as possible, Gauss created a joint task force that has begun work on the transition. The changes in the VA's cybersecurity programs take top priority, Gauss said.

'Cybersecurity is truly an enterprisewide effort, and folks who think that it can be compartmentalized into piece parts are grossly mistaken,' he said. 'Securing IT is a weak-link phenomenon: Security is only as strong as the weakest link.'

On the financial front, Gauss said, VA management will get a better sense of IT expenditures departmentwide after he integrates the bureaus' investment strategies.

Under the new structure, Gauss has authority over the department's IT appropriations, which he said is a good management practice that will assure financial discipline and accountability.

Previously, the bureaus developed independent budget plans and exhibits for the Office of Management and Budget. Gauss said the problem was that 'there is not necessarily a one-to-one correspondence between what we said in the budget exhibits and what happens when we spend the money.'

Now, the three administrations will provide Gauss with a financial plan detailing spending requirements for each systems project.

With insight into the details, Gauss said he will be able to find ways to improve services and reduce costs when possible. For instance, if all three bureaus plan to buy similar software, then the department can negotiate a better deal for all of VA than the individual bureaus would be able to get, he said.

Reshuffling in areas such as project management, training, records management and telecommunications will come later, Gauss said.

A chief goal of better coordinating the department's IT work is to reduce duplicative efforts. 'I would think that when we combine these things, we will have a reduced [employee] count, but not that anyone is going to get fired,' Gauss said. 'That's not in the cards. We have lots of vacancies.'

Employee input

Gauss took the pulse of VA systems employees nationwide last month during a conference in Austin, Texas, where about 300 midlevel VA employees representing IT and management gathered to discuss the changes.

'That memo did shock a lot of folks,' Gauss said. 'And there are folks who don't think it's necessary, and there are folks who think it is.'

Gauss said the conference, the first in a series he intends to host every six months, let him learn directly from VA employees the types of problems they face. In turn, the employees got a chance to understand how the changes will affect them.

'Everyone in the room could live with the decisions after we left the conference,' Gauss said. 'You don't have to like them, but you have to be able to live with them.'


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.