The Department of Veteran Affairs.
The Department of Veteran Affairs (VA) was established in 1989. It succeeded the Veteran Administration, and has responsibility for providing federal benefits toveterans and their dependents. It is the second-largest of 14 U.S. Cabinet departments, with more than 25 million active veterans and roughly 70 million people eligible for VA benefits.
In 2002, theVA awarded an 11 year $103 USD million contract for the creation and operation of a security incident response center that would become “the nucleus of all VA information and Internet securityoperations nationwide, providing continuous protection, detection and response capabilities against threats, remotely exploitable vulnerabilities and real time incidents on all VA affiliated networks”.
Asa result of mismanagement and errors in the planning, award and administration of the contract, the VA wasted $92 million in just three years before the Project was killed for lack of availablefunding. An audit by the VA Inspector General reported the following key findings:
1.- The VA selection process to identify a qualified provider for the Project was faulty, with little due diligence putinto assessing provider qualifications or ensuring that the quoted prices were reasonable. Just one week before the contract was awarded to a firm called the Veterans Affairs Security Team, the companyincorporated as an LLC (Limited Liability Corporation), which means that the owners were protected from liability for acts and debts of the firm.
2.- A major scope change was made to add a ManagedSecurity Servicess (MSS) component to address the “acquisition , installation, integration, configuration and monitoring of VA’s enterprise infrastructure; vulnerability assessment and penetrationtesting; cyber security intelligence gathering and support of network operations; and support of the Enterprise Cyber Security Infrastructure Project. This scope change was managed poorly and led to...
Leer documento completo
Regístrate para leer el documento completo.