VA still dragging feet in answering congressional inquiries
Veterans Affairs has not fully responded to questions from Congress about data breaches dating back almost two years.
The Department of Veterans Affairs’ pattern of selective responsiveness – and sometimes total unresponsiveness – to oversight inquiries from the House Veterans Affairs Committee has continued into 2014.
VA has 111 outstanding requests for information from the panel dating back to June 2012, including a series of eight inquiries delivered to VA in late October and into November concerning information technology security in the wake of multiple data breaches compromising VA networks since 2010.
Those inquiries, a high priority for the committee because of the potential seriousness of the data breaches, were due in early November, are now two months overdue, with only a preliminary letter authored by VA CIO Stephen Warren sent to Rep. Mike Coffman (R-Colo.), chairman of the Oversight and Investigations Subcommittee.
“The leisurely pace with which VA is returning requests – and in some cases not returning them – is a major impediment to the basic oversight responsibilities of the committee,” a Capitol Hill official with knowledge of the inquiries told FCW.
The source said VA’s unanswered questions have “created mounting frustration” for committee members, prompting Chairman Jeff Miller (R-Fla.) to “take the unprecedented step” of writing weekly letters to VA Secretary Eric Shinseki detailing the number of outstanding requests and calling for “accurate information in satisfaction of these requests.”
In Warren’s response to the committee on Nov. 22, he wrote that "VA will continue to work to provide information that is responsive to the subcommittee's requests.” In November, sources within VA’s Office of Information Technology, where most of the questions were directed, told FCW that the congressional probing had caused a “stressed environment.”
The VA sources said only 20 of its 8,000 OIT employees were compiling responses, with one telling FCW it was like “another full-time job for a lot of folks,” though Congress has insisted the questions should be rudimentary for any large IT organization.
The Capitol Hill source told FCW that a recent internal memo authored by Warren asks VA OIT personnel to focus on four areas: system baseline practices and procedures, configuration management, patch management and elevated privilege review. That initiative drew limited praise from Miller, indicating VA likely has a long way to go before it rights the transparency ship with Congress.