VA chief opposes making CIO an undersecretary

Veterans Affairs Department Secretary James Nicholson said Thursday it is unnecessary to elevate the agency's chief information officer to the undersecretary level, as proposed in legislation moving quickly through the House.

At a hearing, Nicholson told the Senate Veterans' Affairs Committee that information technology and information security are "staff functions" and that policy directives recently issued in response to the department's early May data breach have sufficiently empowered the CIO at the assistant secretary level.

Nicholson said the VA functions effectively with the existing three undersecretaries - for health, benefits, and burial and memorial affairs -- each with operational responsibility over their respective components.

"The title you give someone, that's not going to fix anything," Nicholson said. "Underlying all of this is leadership, commitment and sound management.… It's how it's implemented. It's the cultural change."

The House legislation (H.R. 5835), proposed by House Veterans Affairs' Committee Chairman Steve Buyer, R-Ind., would create a new undersecretary of information services within the VA who would also serve as CIO. The bill also would establish requirements for notification of data breaches.

In addition, it would create three deputy undersecretary positions beneath the CIO: information security, operations and management, and policy and planning.

Proponents of granting the CIO undersecretary status argue that, at that level, the CIO would be able to go directly to the secretary on policy matters and participate in executive level decision-making.

Former VA CIOs John Gauss and Robert McFarland voiced support for the move in a House Veterans' Committee hearing Tuesday, stating that it is important for the CIO to be involved in decision-making.

"I watched the CIO try to lead the change process, and at every forum that he would call, the principal deputies would show up and [the change] was prevented," Gauss said.

At a markup of the House legislation Thursday, Veterans' Affairs Committee members quickly approved Buyer's legislation. It could go to the House floor as soon as the Congressional Budget Office produces a cost estimate.

Buyer said he expects the legislation to move to the full House in September, despite talk of moving the bill before the August recess. There is no companion bill in the Senate.

Buyer's attempt last year to centralize IT security was stymied by Senate Veterans' Affairs Committee Chairman Larry Craig, R-Idaho, who said in an interview with Government Executive Thursday he does not know whether he would accept the House provision elevating the CIO to the undersecretary level, should the bill move to the Senate.

Craig said he wants to avoid legislating changes in the executive branch because he does not believe Congress can "design the perfect system."

But Craig said he will speak with Buyer and see that some changes are made, "whether it is under this secretary's design, or whether it's under what Chairman Buyer wants to do in the House."

"We're not going to tolerate this any longer," Craig said. "There is not going to be another IG report coming to the Congress that [says] 'Once again warned and nothing happened.' "

Congressional sources said while it is unlikely the provision elevating the CIO to an undersecretary will be enacted, it will be difficult for the Senate to ignore the House bill as it did last year, because of the publicity surrounding the May data breach.