Secretary for Information and Technology and Chief Information Officer Kurt Delbene says his goal is to make the U.S. Department of Veterans Affairs the model of what it means to be a modern IT shop in the federal government.
Joined by Charles Worthington, CTO of the VA, Luwanda Jones, deputy chief information officer in the office of strategic sourcing and Carrie Lee, acting executive director of product engineering, Delbene laid out his vision orientation – the processes working to make Vision 22 a reality in a media roundtable on Friday.
Delbene said that as a first step after being appointed last November, he sought to reduce the layers of management across the organization to increase collaboration and speed decision making.
“Very flat organizations are typically the most effective ones,” he said.
The second step was to set a vision of what great IT looks like to deliver on veterans’ and their care stakeholder needs.
Delbene described the VA’s overall IT strategy as having four elements: It’s vision-driven, aims for operational excellence, delivers “delightful” end-user experiences and invests in OIT teams, including looking at what the value proposition and career path are for the VA’s IT employees.
“I think that’s really what digital transformation is all about at its heart. It’s a recognition that these core systems are now the key to achieving the outcomes of the organization,” he said.
Driving vision with zero trust
Delbene said when the VA stepped back to define a technology vision, they connected it to a two-to-three year roadmap and are defining the resource allocation for that roadmap for all major portfolio areas within the VA.
That means the agency is prioritizing work by first focusing on being a zero trust network as the way of thinking about securing the VA organization overall.
“Zero trust – the strength of that framework – is that it cascades directly into a set of measures of security, it helps you make decisions between the plethora of products that are out there that people are trying to sell to you and say, ‘No, we have a set of objectives that represent our journey towards zero trust,” he said.
The zero trust effort under Delbene means organizing and getting aligned on a set of milestones, the metrics drive that success and the resource allocation.
It’s also constantly honing to improve execution as a modality for the VA’s operational excellence, which supports 500,000 desktops, 900 systems and 2,000 different locations.
“We’re always dealing with the fragility of these systems,” he said, and measuring system performance and reviewing detailed analytics when incidents occur to figure out how to improve operations moving forward.
Delbene described other areas of cybersecurity focus, including endpoint and vulnerability management.
By employing man-in-the-middle cybersecurity systems, which address eavesdropping attacks where cyber attackers interrupt an existing conversation or data transfer, the Office of Information and Technology aims to address third-party access security challenges, i.e., token stealing.
“The whole premise of you know who it is you are talking to, you know it’s a valid endpoint you are talking to as well,” said Delbene
With multiple layers of threat detection and avoidance in place at the VA, OIT is looking at rich monitoring to catch potential incidents as they occur, “but we need to amp up our monitoring to overall,” said Delbene, so the agency is looking at how artificial intelligence can analyze patterns of communications to evaluate end-user points outside of the VA network.
Overall, zero trust for the VA is an ongoing process. “It’s a journey, not just a destination you get to,” he said.
Changing the way VA develops
Lee’s summary of low-code approaches that are solving some of the VA’s greatest digital modernization challenges provided real-world examples of the VA’s drive to improve operational excellence for veterans.
She said…
Read More: How VA CIO Kurt Delbene is leading the agency’s digital transformation