Charles McClam | The changing ways of SBA

 

Connecting state and local government leaders

Acting CIO Charles McClam details steps SBA is taking to improve its IT security and the wholesale changes that are coming to its Loan Accounting System.

2005 was not an easy year at the Small Business Administration. Aside from facing criticism for what lawmakers considered a bureaucratic response to the Gulf Coast hurricanes, the agency's inspector general questioned its commitment to IT security. None of this has fazed acting CIO Charles McClam, who said watching smoke bill w out of the Pentagon on Sept. 11, 2001, from his office while he was at the IRS helps him keep perspective.McClam, who started his current job in September, detailed steps SBA is taking to improve its IT security and the wholesale changes that are coming to its Loan Accounting System.McClam: Overall, I agree with the OIG report. There are a lot of activities that we're working on to bring about a resolution. We're involved with the OIG, we're engaged with the program officers where some of this responsibility lies. Ultimately, we have to work collaboratively to bring about resolution to the issues identified.There are plans, actions and milestones. We work with program officers to identify any issues and threats or vulnerabilities to our systems, and we track actions to remediate and resolve those issues. We have bimonthly meetings with the OIG to work on issues that surfaced in the reviews, and I've found, over the past six months or so that I've been here, that those meetings have been very helpful and useful to me.We're engaged from a 360-degree perspective. When I came here we had about 13 IG findings [that needed to be improved]. Right now we have completely cleared two of them. We've taken very focused action to begin to resolve eight of them, and the other two or three that remain, we're actively working on with the program offices.McClam: Overall, there was a significant weakness in terms of how we prioritize our IT security issues. We have the plan of action, and milestones in place, and we've been using it for quite some time. Through our various meetings that we've had with the OIG over the past six months, we've highlighted those issues and put them in a particular arrangement, with a color code, so we know the importance of certain items, and we put our resources against that to move it off the table as a potential weakness.So we were able to successfully get a green [score from the IG] in that, because it now ensures that significant security weaknesses are being addressed in a timely manner and the appropriate resources are put against those weaknesses.The second area we have an overall green in is our ability to maintain security and evaluate various issues that affect the integrity of the security of our environment.SBA has assessed risks to operations and assets under its control and we're maintaining security plans and performing security testing and evaluations through various policies and procedures to ensure our infrastructure is not being threatened or cannot be penetrated by outside folks who want to do damage to our infrastructure.McClam: A lot of the systems deal with processes that are somewhat old and haven't been relooked at to ensure that they are continuing to be leveraged to operate in the most efficient way possible. When I look at some of the processes that are being implemented through automation, I can readily see opportunities for improvement.Nothing surprised me here. It's just the fact that some of the technology, as budget authority becomes available, needs to be updated so we can leverage the various automated processes to get the best bang for the buck. You can try and try and try, but it doesn't happen with very aged technology.McClam: When [the Disaster Credit Management System] processes a loan application, it eventually makes its way up to [the Loan Accounting System] for processing loan approval and disbursement. We maintained that particular system and kept it operational 24 hours a day, 7 days a week.DCMS is managed by the Office of Disaster Assistance. That particular system is the vehicle through which the loans come in; that's the input. They move on to the Loan Accounting System, which is the one mainstay, core system that processes loans for disbursement.We also have in place a PC buy contract in which ODA has purchased roughly $3.5 million of IT equipment, including desktops, servers, laptops, switches and routers. These help support Katrina operations in the Gulf Coast area. We've also set up 800-numbers to help ODA employees in the area and other field offices to communicate.McClam: Our system stayed up 24 hours a day, seven days a week. And we've got folks working to support our system 24/7. When a loan application is taken in via DCMS, that application is processed forward through our telecom network and gets put into LAS. There are various routines and applications that are running in that environment that allow for a particular application to be scored, approved or disapproved. If it's approved, operations take place internal to that system for disbursement of checks.McClam: We're in the process of taking some actions to modernize the LAS. LAS is one of the core systems we use to support our mission and it's been around for 30-some-odd years. The technology is somewhat dated; we're looking to modernize that in the next few years.McClam: It will be done in a modular way, it's not like attacking the entire elephant. We're taking small bites and making sure they deliver functionality and support the overall mission. We'll eventually migrate from the older system to a new one.We have an executive steering committee that's being headed by the CIO, chief financial officer, Office of Disaster Assistance, Office of Procurement and Grants. There's a whole organizational engagement, making sure this core capability, this design, is right the first time.McClam: Right now we're looking at probably a 3 1/2-year window to accomplish this. We're in the throes of developing a statement of work. This will certainly be a major undertaking for the organization, and it will be contracted out.

Charles McClam

Rick Steele





GCN: The inspector general was critical of SBA's IT security. Do you agree with the findings and what is your response to the October report?







GCN: Can you provide more specifics on what you've done to address IT security?









GCN: What in particular alarmed you about the state of IT security when you took your current position in September?





GCN: How big of a role did your office plan in dealing with Katrina aftermath?







GCN: How has the LAS held up against the deluge of loan applications?



GCN: What's coming up around the corner?



GCN: Do you foresee a wholesale revision of LAS?





GCN: When you will be finished?

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.