Report: VA's IT security still needs work

Grant Gross   Today’s Top Stories   or  Other Security Stories  

Winning Enterprise Authentication: 5 Key Steps for Success Dynamic Data Center and Virtualization Drives Operational Excellence at Emory Healthcare Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management A Simpler Approach to Remote Access Smart Security Choices for Mobile Workers File Integrity Monitoring: Secure Your Virtual and Physical IT Environments Computerworld Technology Briefing: Intelligent Users Use Business Intelligence Virtual Reality SaaS Solutions for Remote Systems Management Sign up to receive Security Resource Alerts

September 19, 2007 (Computerworld) -- The U.S. Department of Veterans Affairs has made some progress since a May 2006 data breach, but it has not completed 20 of 22 recommendations from an internal auditor, according to a report released Wednesday.

As of May, the VA had not yet addressed several "critical success factors" for transforming its IT management, the U.S. Government Accountability Office said in its report. The VA had only completed two of 22 recommendations from its inspector general following the breach, in which a laptop and hard drive containing personal records of 26.5 million veterans and family members were stolen from a VA employee's home.

The VA also needs to improve its IT asset control, the GAO said, referencing a July report showing about 2,400 missing IT devices at four VA locations in 2005 and 2006. While the VA has "many significant initiatives under way," problems persist, even in the programs meant to fix past problems, the GAO report said.

"We continue to see management weaknesses in these programs and initiatives, which are the very weaknesses that VA aims to alleviate," the GAO report said.

The VA has not completed a comprehensive security management program, recommended by the GAO, and it has not strengthened its critical infrastructure planning process, which was recommended by its inspector general, the GAO said.

In addition, the VA has worked with the U.S. Department of Defense for 10 years to share electronic medical records, but the two agencies are "far" from completing that work, the GAO said.

Robert Howard, the VA's assistant secretary for information and technology since last September, largely agreed with the GAO report while testifying before the Senate Veterans Affairs Committee Wednesday.

"Since the May 2006 data breach, the VA staff is now more aware of the importance of protecting our veterans' and employees' information and identities," Howard said. "While we do have a way to go here, I have definitely seen improvement."

The VA has encrypted more than 18,000 laptops since the breach, and it is rolling out software that blocks unauthorized data storage devices such as thumb drives from connecting to the VA's network, he said. The agency has also installed software that blocks VA employees from sending e-mail containing Social Security numbers, he said.

As the VA was rolling out the e-mail filtering software, the software caught about 7,000 e-mails containing Social Security numbers in just one month, Howard said.

The VA is also in the process of centralizing its long-criticized location-based IT structure, and the agency's goal is to compete the realignment by July, Howard said.

Senator Daniel Akaka, a Hawaii Democrat and committee chairman, noted that VA Secretary of Veterans Affairs Jim Nicholson promised the agency would become a "gold standard" for cybersecurity following the 2006 breach. "How close is VA to becoming the government leader in information security?" Akaka said.

Continued...
1 | 2 | NEXT  

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"So first there is the Twitter phishing attack, and now an 18-year-old hacker gets into their admin tools and does..." Read more... Read more Security posts or See all Blogs

Windows 7 public beta to be available Friday Hack forces Twitter into 'full security review' 10 must-have free BlackBerry apps More top stories...

Ballmer sets loose Windows 7 public beta Fake LinkedIn profiles promise prurient pics, send patsies malware instead Cisco down to business with gear for digital home

The 9 hottest skills for '09 The downturn has softened the IT talent market but done little to weaken demand for SAP, .Net and other technical skills. Fast fixes for common PC problems Every computer user hits a speed bump now and then. Here are some speedy, simple solutions to hardware, software, network, Internet and mobile-device crises. Apple's 5 biggest moments in 2008 From the iPhone 3G to 'unibody' MacBooks, 2008 was a standout year for Apple. Hands-on Linux: New distro versions push the envelope We've got reviews and videos of the new Ubuntu 8.10, Fedora 10 and openSUSE 11.1. Windows 7 Get the latest news, reviews and more about Microsoft's newest desktop operating system More Continuing Coverage Windows 7 Voting Technology Google's Chrome browser Economy in turmoil: Latest news and tips iPhone 3G Bill Gates moves on Windows Vista A to Z Mac A to Z 2008 Salary Survey Find wage data for 50 IT job titles. More Special Reports 2009 Premier 100 IT Leaders 2008 Premier 100 IT Leaders 2007 Premier 100 IT Leaders 2008 Best Places to Work in IT 2007 Best Places to Work in IT 2008 Salary Survey 2007 Salary Survey 2006 Salary Survey 2008 IT Forecast 2007 IT Forecast 40 Years of Computerworld Top 12 Green-IT Users The FAQs About Going Green IT Schools to Watch iPhone: One Year Later Global Mobile Your Next Data Center Management: Reinventing IT Stop Data Leaks Web 2.0 Security Surviving Disasters Managing Storage Virtualization The Lean Storage Machine Storage on Trial Can Web 2.0 Save BI? Bypass These BI Potholes All Zones Business Continuity Zone The File Data Management Zone Security Management Zone The SAS Zone Business Intelligence and Analytics Zone The Enterprise Search Zone Software as a Service Zone The Security Zone See your link here

Process Automation with Symantec Process Automation with Symantec View this new webcast today! Go to the webcast  Computerworld Executive Bulletin: Building a Robust Antivirus Defense Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing  Creating a green data center to help reduce energy costs and gain a competitive advantage Download this new white paper today! (Source: VMware) With today's rapid IT growth, companies are looking to consolidate datacenter operations to achieve space and cost savings. And as energy costs continue to rise, datacenter efficiency becomes even more important. This IBM report details how companies are reducing energy usage and costs to gain a completive advantage. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Extend Your VPN Smart Security Choices for Mobile Workers Leverage Web-based Remote Access to Boost Productivity View more whitepapers

• Windows 7 public beta to be available Friday
• Ballmer sets loose Windows 7 public beta
• Hack forces Twitter into 'full security review'
• More top stories 

The Security Zone With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. Having the right policies, procedures and server configurations is critical... Learn more in The Security Zone See All Zones

Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day. New baits

"Turning information into a Competitive Advantage" Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage. View this webcast now!  See more Webcasts

Dan Tynan: CES preview: The wireless revolution is finally here Two themes are clearly emerging: gadgets are going wireless in a big way, and everything is finally getting connected. ... [more]