The Pivot to Mass Remote Work: VA Tackles a ‘Once in a Century’ Event

FEDTECH: What proportion of your agency usually teleworks?

GFRERER: There are about 400,000 employees in the department. Pre-COVID, we had about 60,000 remote users on any given day. About 40,000 VPN-type service with government-furnished equipment, and with 16,000 using the Citrix Access Gateway. The vast preponderance of those remote workers were in our Veterans Benefits Administration. The other two main business lines — Veterans Health Administration is largely on-premises healthcare delivery, although we did have some telehealth capacity that was ramping up and certainly ramped up substantially. And then, our National Cemetery Administration is a physical, on-premises activity as well. Today, we’re up at about 135,000 working remotely, anywhere from two to three times what we were previously doing. The largest expansion of that was for our clinicians that were delivering telehealth services.

FEDTECH: What concerns did you have about making the transition from either a technology or people standpoint?

GFRERER: My initial concern was around remote access, the ability to scale up to 100 percent of the workforce if needed. Secondarily, on the human factor side, my prime concern was our nearly 8,000 OIT employees. They’ve done phenomenally. From March 13 until early May, we were working seven days a week. And we still have elements of our infrastructure team that work seven days a week to maintain the enterprise. It does take a toll. From an applications perspective, we had the largest single-day deployment of Microsoft Teams in our environment.

In VA, OIT was the early adopter of Microsoft Teams, and we’ve used it aggressively. It has been put to the test. It has been found to be a very valued collaboration tool in our environment. And there are others — certainly our Cisco Webex video services. There’s a number of tools out there that have really allowed us to be as efficient as possible in a distributed and remote environment, which we all know is challenging. The information tech has really been the saving grace for this sort of contingency. It’s once in a century. We could never have envisioned the extent to which, time and scale, we would all have to be operating remotely.

FEDTECH: What are some tools that you’d already invested in, or that you procured on the fly, that helped you scale up and navigate this transition?

GFRERER: We have a VA enterprise cloud that is split fairly evenly between Microsoft Azure and AWS. We’ve been investing in it for over two years. I think VA is probably the earliest and furthest in terms of cloud migration in the federal space. If we as an Office of Information and Technology had not developed the governance, the process and the actual work of moving to the cloud and getting that down to somewhat of an art, maybe a science, we would have been much less better positioned to respond to this pandemic. There were about 50-plus COVID-critical systems early on that, in terms of supporting Veterans Health, we declared COVID-19 critical systems. Now we have 121 COVID-19 critical systems. Each of those were looked at very deliberately for any sort of acceleration in terms of migration to the cloud, and getting those performance and reliability enhancements that inherently we can realize when we do a cloud-based service and move off-prem.

The other big thing, too, is our effort around our group that does performance monitoring. We were already moving to an environment where every application would have to have end-to-end monitoring, and we’ve accelerated that. The ability, not only with telehealth, but with other things, to see inside the applications, to anticipate where systems needed to be load-balanced or remediated ahead of time, and preventing incident management calls and outages, that has been another success story in the pandemic.

FEDTECH: What IT situations arose that you did not expect? How did you handle them?

GFRERER: It’s not really a surprise as much as a realization — a thing you can only realize in a crisis — is the collaboration in the federal CIO community. I can’t say enough about Suzette Kent and her team in the Office of the Federal CIO. They brought us all together. She’s always on speed dial for me personally, and now she was on double speed dial. As challenges presented themselves, I could ask her for perspective, for advocacy. I could understand what was going on at the General Services Administration and other places. Especially in a crisis situation, the communication was not a surprise, but a really pleasant realization to know you weren’t going it alone.

FEDTECH: What’s the most unusual telework case in your agency?

GFRERER: The challenge really becomes that OIT can provision the very best of services, right up until the point that it leaves our network. And then the most critical portion is what we euphemistically refer to as that “last mile.” If you’re a telehealth provider in Waco, Texas, and you live 10 to 15 miles out of town, that’s a different story. In the National Cemetery Administration, the aspect most dependent on technology is the National Cemetery Scheduling Office. That’s a team of about 40 folks, largely desktop-dependent. So, we provided direct support to make sure they were able to move offsite, be remote, take their desktops and then make sure they were able to continue to address calls from family members around burial services. Even though burials and interments are largely suspended during the pandemic, they’re still taking those calls and applications.

One other area is our contact centers. We have just dozens and dozens of contact centers and call centers within the VA. A number of those had to go through social distancing and/or put workers offsite. And so again, we had to take the step of supporting them directly, making sure they had the right resources. And again, not everyone has gigabit fiber coming into their residence. We have a real diversity and a limitation around where that workforce sits. For the workforce and for supervisors and for the business lines — and I’m sure this goes across every agency — there are probably a lot of conversations and probably a lot of business with all the large internet service providers, for folks to realize, hey, I probably need to invest a little bit more in my personal readiness to make sure that I am capable of being as effective as possible when I’m operating remotely.

As the Veterans Benefits Administration continues to have claims flow in, we enabled them to pivot from a brick and mortar operation to an almost entirely virtual service delivery operation, obtained and delivered equipment to enable their workforce and facilitated reducing system errors and challenges in claims processing systems. We also provided systems stability better than any time in the last five years making sure that it ran smoothly. VBA is the entry point for any active-duty service member as they transition out of the military, and for any veteran that had not previously filed a claim. It receives the claims, the educational requests and the loan guarantee requests. It’s a very multifaceted financial services institution that sits atop about $130 billion in benefits distributed every year. That work all has to continue. They are a pretty routinized remote access workforce. While they maintain a presence at 56 regional offices, they have a large chunk of their workforce that is remote. And so all they had to do was expand on that.

FEDTECH: How are you ensuring cybersecurity during this massive increase in telework?

GFRERER: When you look at cybersecurity threats, 40 percent or more are what a lot of industry experts call the insider threat. We don’t mean insider threat in terms of malicious actors or someone actively trying to do harm to the enterprise. A good chunk is what we call the unwitting insider threat. The most obvious example of that is, I sent you a malicious link, you click on it, and bam, I have access to the network. Realizing that’s a real vulnerability and a real serious threat vector, especially in the time of the pandemic, there are threat actors in a variety of categories that are more than attuned and more than willing to take advantage of the chaos and disruption.

One of the tools we added was our Cofense PhishMe tool. That gave the average user a much easier direct path to report possible phishing. You get an email, you think it has a suspicious link or a suspicious sender, you click on the button, you nominate that link, and it reports that to our cybersecurity operations center, who then analyzes it. What we had previously was this cumbersome reporting on a personal basis through our information security chain. Not surprisingly, we’ve seen about a 400 percent increase in phishing attacks. But really, the vast majority of those were probably already there. It’s just that we’ve given the average user a much easier way to respond to it, which accounts for the majority of the increases.

WATCH: Learn how the VA uses telehealth to expand medical care to veterans.