From the testimony of Robert Klopp, Deputy Commissioner of Systems and Chief Information Officer, Social Security Administration yesterday to the Subcommittee on Information Technology, House Committee on Oversight and Information Technology:
... In our last hearing, some Members voiced concerns about a lack of leadership on cybersecurity at the agency. I appreciate this concern, but I also think we need to be careful about assuming that any security weakness is the result of bad management. If the fact that there are vulnerabilities in our IT infrastructure reflects a lack of leadership, then I accept the responsibility for the lack of leadership. If the criteria is that, if DHS [Department of Homeland Security] finds anything wrong, this reflects a lack of leadership, then I accept the responsibility. But this also means that every agency that has a vulnerability, exploited or not, has a leadership issue - and that means every agency, not just SSA. ...
The SSA can shift funding from our IT budget for cyber, but soaking up any savings by spending it on cyber does not fund continuous improvement. It does not fund IT modernization. The idea that the SSA, or any agency, can do more in cyber while simultaneously rebuilding our IT infrastructure is no less a fantasy than the idea that the country can modernize any other infrastructure - our roads, our dams, our electric grid, our military - without an investment.
My testimony includes a request to modernize IT and to fund improvements in cyber defenses. Wishing for better IT from cost cutting will not help. Wishing for cost-cuts with no investment will not help. Passing legislation without providing funding is not enough. ...
13 comments:
When I was paying for Medicare with a direct withdrawal from my bank account, I would get a Paper Statement every month.
There was NO way that I could find to discontinue these unnecessary paper statements, which had my social security number on them, by the way. Bad for security and a total waste of money.
Well said. I have appreciated the improvements in online services and hope that continues. I understand it has costs. I have to wonder if the system for ssa employees improves as much. Just looking at some of the items in the electronic files, I'm afraid not.
I have never found any evidence or had reason to suspect that the site wasn't secure or information was going where it wasn't intended.
What a great job he did proving his point.
Shame it fell on deaf, uneducated, ears that have no idea whatsoever how the technology works. Like explaining a flashlight to a caveman.
On the bright side, even upgrading to Windows 3.1 would be a 30+ year jump in technology for SSA, and copies of Windows 3.1 are probably reasonably cheap nowadays.
Biggest problem with the union is they continue to downplay the fact that PCOM should have been gone 10 years ago because they are only concentrated on more staff. There is also clearly a sentiment that once we have a functioning computer system, CR's expertise won't be needed. The truth is there is a huge need to shift that knowledge to policy knowledge which is severely lacking.
10:16 nails it
The poor CRs and TEs in the FOs/DOs already have plenty of law and policy to contend with; they shouldn't also have to have years and years of expertise in our archaic, piecemealed, frankly crappy and outdated computer systems in order to be effective in their jobs.
Our systems need to be recreated from the ground up. That IT guy must be on the way out, because I've not heard SSA brass be that candid about simply needing money and ideas of efficiency, etc. being fantasy (he used that word!) since Astrue left. Or maybe our top brass doesn't mind being more antagonistic about funding when it's the team that doesn't spend as much holding all control? Who knows, but good for that guy.
I am by no means an IT specialist, but I see the problems updating simple systems in a regular office and the hassles they create. I cannot imagine how difficult it would be to update the very ancient SSA system and have everything continue to function with no unintended problems. The solution was put off too long, it will take a Herculean effort and boatloads of money to update.
I can't get my smart phone to update and not lose contacts or have one app or another no longer function. This is a larger task than getting everything computerized. A full solution would take the better part of a decade and would be out of date by the time it was finished.
There is no silver bullet here, no easy solution. This is a problem for the best and brightest of the country, a mini Man to the Moon problem.
Too bad the government has no interest in asking the best or the brightest..."lowest bidder please!"
12:33
Absolutely. It will be a herculean effort with a hefty price tag. But it needs to be done, full stop, or we will never, ever be able to PROPERLY move all the work we have to work within any reasonable timeframe. There's just no two ways about it.
So we can ignore the elephant in the room like we have been: throw a little bit (but still significant!) of money at the problem every time something fully breaks and we have to, just enough to keep things marginally operational. Or we can put on our big boy and girl pants, pony up the dough, and actually revamp everything so that we end up with a system that--gasp!--works well and will continue to work well into the future.
I think part of the problem is that we never have done one huge computer system project. We only ever have enough money for partial projects--this one new system, that one new feature, etc. Not doing one huge, overarching IT project creates this piecemeal process where nobody is really thinking about the big picture (how everything plays with everything else, widespread implications of how processes work with one another, etc.), they only care about employing the one little thing they were contracted to do.
How we do our IT is akin to trying to build a car where each part of the production line doesn't really deal with the other--the individual parts may be nice, but like, how does that whole vehicle look, run, etc.?
Anyone that has ever had to complete an A101 understands how badly an update is needed. It may just be me, but I see no movement to a long term proper solution. Like 12:57 stated, more band aids to keep it moving along in starts and fits. Since we cannot have a complete budget for the country but rely on stop gap continuations I see no way for a "real" solution to be done.
Perhaps, part of the problem is not a desire to see the system fail and be privatized, but a genuine lack of understanding among those who appropriate the money. Say "update a computer system" and they see new desktop machines and maybe a new "program to run it all" and do not fully comprehend the depth, expertise and intricate nature of handling so much outdated formatted data. It is hard to educate when people baulk at the price tag before even finding out what it is for and what it will do.
I will buy some stock in abacus manufacturing.
This is a non story. Klopp is out looking for his next job. DCPS will fail again, only the Trump team will get the blame. State DDS's will never accept DCPS, unless money magically appears as an incentive.
He did his duty of telling Congress what was needed to get the job done. Act II of the play is for the congressional committee to dither and then fail to provide the necessary resources to get the job done while vaguely casting blame elsewhere. Act III is to wait a number of months and to request another study or investigation. Rinse and repeat.