Day: May 4, 2017

VA Official Looks to Close About 1,100 VA Buildings

Veterans Affairs Secretary David Shulkin says his department is seeking to close perhaps more than 1,100 VA facilities nationwide as it develops plans to allow more veterans to receive medical care in the private sector.

At a House hearing Wednesday, Shulkin said the VA had identified more than 430 vacant buildings and 735 that he described as underutilized, costing the federal government $25 million a year.

He said the VA would work with Congress in prioritizing buildings for closure and was considering whether to follow a process the Pentagon had used in recent decades to decide which of its underused military bases to shutter, known as Base Realignment and Closure, or BRAC.

“Whether BRAC is a model that we should take a look, we’re beginning that discussion with members of Congress,” Shulkin told a House appropriations subcommittee. “We want to stop supporting our use of maintenance of buildings we don’t need, and we want to reinvest that in buildings we know have capital needs.”

Aging buildings

In an internal agency document obtained by The Associated Press, the VA pointed to aging buildings it was reviewing for possible closure that would cost millions of dollars to replace. It noted that about 57 percent of all VA facilities were more than 50 years old. Of the 431 VA buildings it said were vacant, most were built 90 or more years ago, according to agency data. The VA document did not specify the locations.

While President Donald Trump’s budget blueprint calls for a 6 percent increase in VA funding, Shulkin has made clear the government’s second-largest agency with nearly 370,000 employees will have to operate more efficiently and that budget increases should not be considered a given in future years. 

The department recently announced hiring restrictions on roughly 4,000 positions despite the lifting of the federal hiring freeze and also left open the possibility of “near-term” and “long-term workforce reductions.” Shulkin is also putting together a broader proposal by fall to expand the VA’s Choice program of private-sector care.

BRAC controversial

The Pentagon’s BRAC process often stirred controversy in the past as members of Congress expressed concern about the negative economic impact of shuttering military bases and vigorously opposed closures in their districts.

Rep. Jeff Fortenberry, R-Neb., a vice chair of the appropriations panel, told Shulkin that Congress was looking forward to working with the VA “constructively” on the issue in part by determining how excess VA buildings could be put to good community use, such as for fire-fighting, security or landscape maintenance.

“Don’t ever use the term BRAC because it brings up a lot of bad memories,” Fortenberry cautioned. “You automatically set yourself up for a lot of controversy.”

more

Don’t Click That Link: Google Docs Ruse an Example of ‘Future of Phishing’

Alphabet Inc. warned its users to beware of emails from known contacts asking them to click on a link to Google Docs after a large number of people turned to social media to complain that their accounts had been hacked.

Google said Wednesday that it had taken steps to protect users from the attacks by disabling offending accounts and removing malicious pages.

The attack used a relatively novel approach to phishing, a hacking technique designed to trick users into giving away sensitive information, by gaining access to user accounts without needing to obtain their passwords. They did that by getting a logged-in user to grant access to a malicious application posing as Google Docs.

No malware needed

“This is the future of phishing,” said Aaron Higbee, chief technology officer at PhishMe Inc. “It gets attackers to their goal … without having to go through the pain of putting malware on a device.”

He said the hackers had also pointed some users to another site, since taken down, that sought to capture their passwords. Google said its abuse team “is working to prevent this kind of spoofing from happening again.”

Anybody who granted access to the malicious app unknowingly also gave hackers access to their Google account data including emails, contacts and online documents, according to security experts who reviewed the scheme.

Someone else controls your accounts

“This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,” said Justin Cappos, a cyber security professor at NYU Tandon School of Engineering.

Cappos said he received seven of those malicious emails in three hours Wednesday afternoon, an indication that the hackers were using an automated system to perpetuate the attacks.

He said he did not know the objective, but noted that compromised accounts could be used to reset passwords for online banking accounts or provide access to sensitive financial and personal data.

more