In this interview with James Gfrerer, Assistant Secretary for Information and Technology and Chief Information Officer with the U.S. Department of Veterans Affairs (VA), and CEO of MileMarker10, Susan Sharer, the conversation turns to how VA’s ongoing transformation supports its COVID response, ongoing challenges, the importance of DevSecOps and how the industry can help moving forward.
Thinking Ahead to the Unthinkable
VA has been on a digital transformation journey for some time focused on all areas including business, customer experience, modernization, digital transformation and interoperability. When the pandemic landed on our doorstep we found we were largely prepared for that unthinkable situation and well positioned to address the challenges we faced.
There is a quote that says, “Luck is where preparedness meets opportunity.” COVID was not a situation that could be in any way called an opportunity but it was a threat that demonstrated for us that we have been making the right decisions and charting the right path with our Digital Transformation Strategy over the past several years. Looking at the foundation of preparedness including investment in cloud and digital transformation, we would not have been able to scale telehealth efforts as rapidly and effectively as we did had that not been our focus.
Without our engagement with Silicon Valley and our vendor partners, OIT would not have been as responsive to the Pandemic. From the infrastructure companies, to our carrier partners, our software vendors, as well as our Original Equipment Manufacturer (OEM) suppliers, OIT was able to communicate our needs, take the right actions, and coordinate with these vendors to provision the right resources, and position VA for a massive shift to remote access. Working with VBA (Veterans Benefits Administration), VHA (Veterans Health Administration) and our staff offices, we knew we had to stress test our systems, to make hard assessments early on and then work quickly with our vendor community to sort out what we needed to reinforce our infrastructure.
We also credit some of our success to being able to have the right conversations with those on the Hill, and we are grateful for the $2.115B in supplemental appropriation, for the resources we needed to be able to achieve success and deliver the business outcomes for VHA, VBA, and NCA. Of that, VA OIT received more than $6.4 billion for IT products and services, which is $4.3 billion in FY20 VA OIT appropriations (base budget) and CARES Act supplemental funding of $2.1 billion for COVID-19 response. That seems like a large number and it is but when you are dealing with something of this scale and magnitude, as well as the VA’s Fourth Mission, it takes a lot to support the Federal Government’s second largest agency.
Like most agencies, VA had a pre-COVID posture focused on a face to face business model that had to be transitioned quickly to remote work and remote access. There were a lot of challenges to be understood and overcome and we’re proud of our team and the quick collaboration with our VA Businesses.
While we have been able to put all of this in place, we are not resting on any laurels. There will be ongoing concerns around the safety of telehealth, around the threat actors that we know are so adaptive. We can have the best technology in the world, the best security systems, but we know there will always be a human factor to be considered.
With that in mind, like all Federal agencies, we put a high premium on training and ensuring our workforce is acclimated to the changing environment, that they are skeptical about threats. More often than not the weakest link is the social engineering that can happen to people, that many of us have or will fall prey to at some point. Placing a high premium on training our people to ensure they have the tools to think critically cannot be understated. We have also put in place new tools, especially on email, which make it much easier to report potential phishing attempts. That alone, has increased reporting (and I’d say awareness) by over 1500 percent since March. That same thinking applies to our processes and practices and that of our business partners. We cannot do enough to think about security.
All of our Government agencies are fortunate to benefit from a Federal CIO community and Council and CISO Council that is a vibrant collective body. We all have our own distinct missions but there is great collaboration amongst the group, a monthly cadence and three dedicated committees working in depth to understand and provide direction to solve evolving challenges.
VA’s Fourth Mission
In a national health emergency such as this, VA becomes the national Healthcare system of record, opening up our Fourth Mission. This extended mission directs us to be prepared to provide backup medical support and services to the nation based on requests from states, while being clear that Veterans are first.
We have come to understand there is still some work needed to be done within the procurement community to understand the priorities in a pandemic such as this, to be able to focus on what Healthcare agencies need. (The) Defense Production Act focused the Federal Procurement community more on national security Departments/Agencies, so the lesson learned was that greater prioritization was needed for Health Agencies, while in the middle of a Pandemic. The partnerships we had with our existing vendors definitely paid off in this case but there is still that need to focus on the procurement side to ensure we can recognize those agencies that are front and center during a health emergency.
From a business perspective, telehealth and tele-fill-in-the-blank are now here, and here to stay. We had been on a fairly good cadence moving ahead, plans that predicted where we would be in five and ten years that had to be moved ahead.
In October we hit 38,000 telehealth appointments a day. We are seeing tele-hearings around benefits and the VBA doing more around expanding tele-benefits, working with the various Veteran Service Organizations.
The ability to deliver care, benefits and services from anywhere to anywhere depends critically on technology and a robust infrastructure. That is within and through connections to VA but also with our carriers and partners and beyond.
An Ask for Industry
VA is very interested in differential services. With thirty percent of Veterans living in rural environments, there is still an essence of digital divide, of those who struggle to get the access they need. We will be looking to conventional providers to help close that gap and we have a keen interest in those companies with unique capabilities that can extend the conversation, that can ensure the digital frontier is extended for all of our society.
The Importance of DevSecOps
The journey around DevSecOps is about getting to that next stage. Our goal is to take horizontal pillars of capability from strategic resourcing to budgeting to security and driving those capabilities horizontally into our 5 portfolios, comprising 31 product lines across the entire Department.
For instance when a Product Manager for Community Care is looking to incorporate more functionality, there will and should be the traditional conversations around Ops but we also want the security folks adding in the right requirements up front so we aren’t trying to tag on after, and we want the budget analysts and the strategic sourcing people there right from the start. With all the right enablers matrixed into a product line, our Developers and Account Management teams will have a cohesive team with which to work with the VA Business lines to deliver products and services, as well as enhance and modernize these across a multi-year planning cycle.
People at the Heart of the Mission
Despite all of the great partnerships and technology, it all comes down to people and VA has an exceptionally talented and capable team. Without considering the workforce challenges of the future, without the right leaders in place, without a great team committed to the missions and synchronizing around a go-to market strategy, we cannot move forward in the way we want and need to.
We are growing in terms of staffing, but we are also constantly working with our existing workforce, reskilling and upskilling. When we find people experienced within the ecosystem, who bring that insight and perspective, we recognize they are a multiplier from day one and may just need an investment in skill development to pivot to where they want to be and we need them to be.
I always say this is the best job I have ever had — supporting this Agency with incredible scale, scope and an incredible mission, and ultimately delivering for Veterans, their Family Members, and their Caregivers. That is the team we are building – those with that same vision and passion.
About James P. Gfrerer
James P. Gfrerer was nominated by President Donald J. Trump to serve as the Assistant Secretary for Information and Technology and Chief Information Officer and was confirmed by the United States Senate on Jan 2, 2019.
As Assistant Secretary, he leads a team of more than 8,000 employees and 8,000 contractors in the Office of Information and Technology (OIT) to deliver technologies and services that improve the Veteran experience. OIT manages an IT budget of $4.2 Billion in support of the Veterans Benefits, Veterans Health, and National Cemetery Administrations and the entire $200 Billion VA System. In this largest centralized IT program in the Federal space, OIT executes the enterprise IT strategy, transforms the business, operates the network infrastructure, and secures all applications and systems.
Ahead of his commercial sector tenure, Mr. Gfrerer was an active duty Marine Corps Officer, rising to the rank of Colonel. Throughout his 28 years of service, his assignments included specialties such as infantry, IT, training, and cybersecurity. He served as a Marine Corps-wide System Support Officer, supervising IT and decision-support systems, migrating legacy systems to web- and micro-based applications, and developing early mobile applications. In his operational tours, he commanded at every level, including four combat tours in Kuwait, Iraq, and Haiti. His final active duty assignment was as a DOD Detailee to the Department of State, where he was a Senior Executive in Counterterrorism Communications and a Senior Military Advisor and Cybersecurity leader for an Undersecretary.