While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Rob Thomas, the acting CIO of the Veterans Affairs Department, has always believed in this saying: “If you want to predict the future, you have to create it.” At the VA, Thomas said that by moving aggressively on transforming the department’s technology, the agency has put itself in a position to make bold IT choices going forward.
Speaking at the GITEC Summit 2017 in Annapolis, Md., on Monday, Thomas said that the VA’s Office of Information & Technology (OI&T) has undergone a remarkable series of changes over the last 18 months and is “at the center of gravity right now on improving the veteran’s experience.”
However, more work needs to be done, Thomas acknowledged. The VA is just starting to roll out its pilot of a commercial scheduling solution following a scarring controversy over long wait times for veterans seeking healthcare. The agency is also expected to make a decision by July 1 on whether to revamp its Veterans Information Systems and Technology Architecture (VistA) electronic health record platform or move to a system provided by a commercial vendor.
Thomas noted that under President Trump’s fiscal 2018 budget proposal, the VA is one of only three agencies that would see a budget increase (along with the Defense Department and Department of Homeland Security). “That's a big deal, so we are going to be moving forward in a big way,” he said.
“At the VA, and in information technology in particular, it can no longer be an evolution,” Thomas added. “It really must be a revolution.”
The VA is unique in many ways, Thomas noted. It has a completely centralized IT organization across the country and a single IT appropriation (with a $4.3 billion IT budget). As the largest civilian agency, it also has separate IT sub-appropriations for development, sustainment, and salary and benefits. “We do have a great, great opportunity,” Thomas said.
Thomas noted that 18 months ago, former VA CIO LaVerne Council told a GITEC conference about the agency’s need to transform — immediately. The VA, Thomas said, “needed a new operating model and new operating techniques.”
The VA operates the largest healthcare organization in the United States and delivers benefits to millions of beneficiaries and veterans every month, Thomas said. “Supporting a large enterprise in an IT organization means meeting demands that are ever-changing,” he added.
“We need to keep pace with the rapid pace of technology and IT today,” Thomas said about challenges facing the VA. “We really need to be about the deploying the next generation of our solutions and defending our data.”
Changing the way an agency operates is not easy, Thomas acknowledged, due in part to the large bureaucracy. Yet the VA’s OI&T, which provides IT services across the department for healthcare, benefits and cemetery services, charted an aggressive course to change how it operated, he said.
“We were aggressive, but we did get there,” Thomas said. “And that’s why I think the future for us is extremely vibrant.”
For one thing, the VA changed how it manages its entire program and project management capabilities, consolidating employees working on development into a single Enterprise Program Management Office; it brought together 1,400 employees who had been spread across the agency.
The VA shifted from a waterfall development model to agile, which cut down its release and development cycles and sped up the delivery of new applications and services.
Further, the agency changed how it works with other VA elements, and now has IT account managers that work with the healthcare, benefits and cemetery components within VA to create solutions that better serve veterans.
The VA also institutionalized accountability through the creation of a Quality, Privacy and Risk function to drive efforts around accountability and risk management, Thomas said. The agency expanded its risk management team, resulting in a more secure VA network to safeguard veterans’ information.
Speaking of data, the VA has also created an Enterprise Data Management function to leverage its vast amount of data, with the goal of using VA and veterans’ data to predict trends, prescribe courses of action and improve outcomes for those who served. The VA’s aim is to enable better partnerships with DOD.
The VA also created an enterprise cybersecurity strategy and boosted adoption of personal identity verification (PIV) cards. When Thomas came to VA in early 2015, only 7 percent of the agency’s 450,000 full- and part-time employees used PIV cards; now that figure is up to 86 percent. The VA also has reduced the use of prohibited software by 95 percent, Thomas said.
The VA had “a fearless leader” in Council, Thomas said. Morale was high, with employees working late nights and on weekends to transform the agency’s IT.
“I’m proud that the OI&T transformation happened 18 months ago. It’s made significant progress,” Thomas said. “We have an overarching strategy in the VA called MyVA, and in that strategy the secretary said we have made the most progress on the transformation. But I think what’s most powerful about it is that by doing what we did, and by seeing the future ahead of time, now we’re going to be able to take on those big and bold ideas as we move forward into this new administration.”
Thomas said that the VA has accomplished “a whole lot” but that he “would be the first to tell you that our work is definitively not done.”
This year the VA will continue to execute on three main goals: Stabilizing and streamlining core processes; eliminating material weakness; and continuing to institutionalize new capabilities.
The VA is getting ready to kick off an 18-month pilot for a commercial scheduling capability in Boise, Idaho, known as the Medical Appointment Scheduling System. The agency is also getting ready to roll out enhancements to its legacy scheduling system. Thomas said “scheduling is a major, major focus for us. It continues to be this year — as it will be next year — as we continue going down the road on [commercial solutions].”
Further, the agency is going ahead with plans to consolidate and modernize its financial management system, and is using the Agriculture Department as a shared service provider.
The VA is looking to modify its benefits delivery network, which is still run on the outdated COBOL programming language, making it particularly vulnerable to security threats.
And of course, the decision looms on the EHR platform, which Thomas said the VA is evaluating. The agency is mulling over four options, one of which would be to divest VistA to a commercial provider and run it as a Software as a Service cloud model.