Abuse of authority, nepotism, and other HR violations are among the findings of two reports issued by the Department of Veterans Affairs inspector general.
Two reports issued by the inspector general of the Department of Veterans Affairs point to a range of misconduct in the agency's IT department in recent years, including abuse of authority, prohibited hiring practices, and favors gained as a result of a personal relationship involving the agency's former CIO and an IT security official reporting to him.
Following an internal investigation, the inspector general said it substantiated that Katherine Adair Martinez, the agency's deputy assistant secretary for information protection and risk management, engaged in prohibited personnel practices when she influenced a VA contractor to hire a personal acquaintance and again later when that acquaintance was hired by the VA. Martinez was also found to have taken advantage of "an inappropriate personal relationship" with Howard, her supervisor, to relocate her office to Florida. Howard left the VA in January 2009; Martinez still works there.
According to one of the inspector general's reports, following Martinez' relocation to Florida in July 2008, the VA spent $37,000 on Martinez' frequent trips to and from Washington, ostensibly for job-related tasks. However, the inspector general determined that those tasks could have been accomplished from Florida, and that Martinez and Howard continued their personal relationship during that time.
According to the report, Martinez misused her position for the personal gain of Laura Nash, a friend who was hired for an identity security project despite little related experience. Nash was hired by contractor Engineering Systems Solutions in September 2006 as the project lead on a five-year, multi-million dollar contract to help the VA protect personally identifiable information, despite having taken only one computer class in college.
That project was part of an effort initiated by Jim Nicholson, the VA's secretary at the time, to overhaul the agency's cybersecurity processes, following data breaches that included a stolen laptop containing personal records on as many as 26.5 million veterans. Martinez was CIO of the Veterans' Benefits Administration at the time she met Nash nearly 10 years ago, according to the report.
The reports found improper action among other VA employees, including Martinez' top deputy for risk management and incident response, Kathryn Magginis, and Howard's executive assistant, Jennifer Duncan. Howard isn't implicated in the actions of Martinez, Magginis, or Duncan.
"VA expects our employees to set the highest levels of personal and professional conduct; therefore, we are extremely concerned by the descriptions of alleged improper conduct by VA staff," the Department of Veterans Affairs said in an e-mailed statement. "The department is aggressively pursuing a thorough review of the situation and will continue to work with the appropriate authorities. VA does not condone misconduct by its employees and will take the appropriate corrective actions for those who violate VA policy."
Current VA CIO Roger Baker said in a letter to the inspector general that he concurred with findings suggesting that the VA take "appropriate administrative action." Baker joined VA in May from IT services firm Dataline.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.