Buyer: VA IT centralization a model for other agencies
- By Mary Mosquera
- Dec 15, 2006
The decision by Veterans Affairs Secretary James Nicholson to centralize his department's IT management and budget is a model for other agencies, said House Veterans Affairs chairman Steve Buyer (R-Ind.), who praised the secretary's leadership.
It wasn't always that way. The outgoing chairman often chastised Nicholson for his department's nonresponsive culture during hearings last summer in the wake of a massive data breach.
'When Nicholson said he wanted VA to be the gold standard, he took ownership of the issue,' Buyer said.
Nicholson is moving
IT management and applications development directly under VA's CIO Robert Howard. VA originally planned to keep development with its health, benefits and burial administrations.
'We are centralizing the system, standardizing it and modernizing it. The goal is for us to be more effective, more efficient, and to enhance the safety and security of the vast amounts of data with which we are entrusted,' Nicholson told reporters in a briefing this week.
The decision to centralize IT complements the Veterans Benefits, Health and Information Technology Improvement Act of 2006 (S. 3421), which Buyer introduced in the House and which the Senate passed early Saturday morning before the 109th Congress adjourned.
The bill establishes authority for information security under the CIO. It also provides for breach notification to individuals, reports to Congress, fraud alerts, credit monitoring and identity theft insurance, for which VA must implement regulations within six months.
In the next Congress, Rep. Bob Filner (D-Calif.) will be committee chairman.
Agencies can't transform themselves without a push, Buyer said. He pointed to the Justice, Agriculture and Defense departments as examples of largely decentralized agencies. CIOs of some other departments have already contacted the VA CIO about how to make it happen.
'Departments need to have a chairman that takes an interest in oversight, and at the same time they need to get squeezed by OMB,' Buyer said. For example, he said, the Office of Management and Budget cannot continue to let agencies fail to comply with requirements under the Federal Information Security Management Act.
Centralization will lead to a higher probability of success for large complex IT programs, such as financial management and the modernization of VistA, VA's electronic health record. Buyer has said previously that VA's decentralized nature contributed in large part to such failed IT programs as the CoreFLS financial and accounting system, which VA aborted after spending $342 million on it.
'You build the centralized architecture, and that paves the way for sophisticated interoperability whereby we can produce a new operating system. What we're doing now is that we keep adding changes onto an older system,' Buyer said.
The House last year passed legislation that Buyer spearheaded to centralize IT authority. It included recommendations advanced by Gartner Consulting of McLean, Va., which VA hired to assess the department's IT management environment, to transfer IT management and budgeting under the department CIO.
But the theft of a VA laptop containing the personal data of millions of veterans set in motion a process that accelerated centralization. Buyer conducted eight hearings investigating the data breach and the ineffectiveness of VA's IT security and data privacy policies and procedures. They revealed major gaps because of the lack of centralized enforcement and VA's decentralized nature.
VA this fall changed course and adopted full centralization at the recommendation of IBM Corp., which VA hired to implement the original federated model. Buyer cited 'the cumulative effect' of Congress and best practices advanced by industry, and the fact that some who had blocked centralization ' 'the centurions of the status quo' ' were no longer with the VA.
Mary Mosquera is a reporter for Federal Computer Week.