A few years ago someone handed me a document describing the Department of Veteran’s Affairs IT organization. It was an impressive print from a nicely-done PDF file. It would have surely been all glossy if it had been one of the hard copy editions I imagined were passed around the higher circles of Washington.
I was the IT Director, and had been functioning as an intrapreneur for a few years getting the organization and it’s collaborators onto a long term vision for IT. This particular person had more than a few times erected fences to IT progress, and in this case was suggesting that the VA was a model of excellence. I took the report home.
Virtually everything about it rubbed me the wrong way. Huge expenditures, serious contracts with the major names (which cost millions in overhead) and very little “innovation around the edge” if any at all. A centralized system of command and control. The kind of system that forces just about everybody to quietly break the rules in order to meet their goals and satisfy their supervisors. The very sort of inrastructure that had enabled me to innovate in the first place — I often felt I got support from collaborators solely because they had been through combat with their own centralized IT and datacomm people, not the least of which was the VA itself.
So now when I read about yet another serious security breech at the VA, with 28,000 or so more personal records exposed (following the 28 million or so social security and medical records exposed last time?) I am laughing. I recalled giving a talk to researchers on local security, and highlighted how researchers went without firewalls because the central command wouldn’t approve the expenditure until the “next round of budgets”. Oh, and I also highlighted how the network manager of those researchers stated publicly in an IT magazine interview that he went without firewalls because he didn’t have the budget for them. That was the model, eh?
The first rule of fight club is…. oh forget it. Some people are only invited to fight club so that someone else has a better chance of winning without getting hurt. “Shame and Blame” environments and patriarchal management styles get you this sort of performance:
The bureaucratic infighting between Michael McLendon, deputy assistant secretary for policy, and Dennis Duffy, acting assistant secretary for policy, planning and preparedness within the VA’s Office of Policy, Planning and Preparedness, contributed to the 13-day delay in notifying senior department leaders of the theft of personal information on more than 26 million individuals
They do produce nice looking documents, though.