VA gets visibility with cybersecurity tool

New tool shows security status of all computers on network

The Veterans Affairs Department expects to have a new cybersecurity tool operating later this month that will provide a real-time view of all computers and electronic devices on the department’s network.

After the deployment is complete, information security officials there will have real-time information on the security status of nearly a million desktop and laptop computers, printers and other devices, Roger Baker, The VA's assistant secretary or information and technology, said today.

“We want visibility into every device on our network,” Baker said in a conference call with reporters. “It will give us a complete view of vulnerabilities in our enterprise.”


Related story:

VA to secure 50,000 networked medical devices

Baker: VA making progress on lifetime electronic record system


The new application is part of a $50 million software and systems upgrade to VA cybersecurity this year, and will help the department identify and remove unencrypted or unauthorized devices on the network, and identify the security status of authorized devices, Baker said. The cost of $50 million doesn't count staff time involved in the implementation, he added.

After the implementation is done, VA officials will be able to view information about the devices’ operating systems, operational security and patches to correct security flaws, he said.

The tool also will help identify when and where laptops and other IT devices disappear or are stolen, he said. From June through August, 61 laptops, desktop computers and other devices were reported missing or stolen at the department.

The tools will be used by network security operators at each VA facility to ensure its devices meet security requirements, he said.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader comments

Fri, Dec 3, 2010

They continue to lose laptops at an alarming rate. I believe the problem lies in the people who feel entitled to "Work from home" and need a Government provided Laptop to do it with. What sort of configuration allows them to do this? No mention of emphasis on training of personnel etc. With the administrations new goal of cutting contractors and staff, I don't see the problem improving.

Tue, Sep 21, 2010

"The new application is part of a $50 million software and systems upgrade to VA cybersecurity this year...doesn't count staff time involved in the implementation..." I am still trying to get my head around a $50 million 'upgrade'. That guy from NASA who went over to VA will fit right into that approach. The IG should be busy.

Tue, Sep 21, 2010 wolfiroc

It's magic by gosh. A tool that "will will be able to view information about the devices’ operating systems, operational security and patches to correct security flaws" AND " ... also will help identify when and where laptops and other IT devices disappear or are stolen ..." AND "...used by network security operators at each VA facility to ensure its devices meet security requirements... " Impressed I am that it deals with the INSIDER THREAT, the PHYSICAL THREAT, the LOGICAL THREAT and WOW - the COMPLIANCE REQUIREMENTS. No such animal, not here, not now, and having been 26 years in security maybe not in my career lifetime.

Mon, Sep 20, 2010 VAITWorker

To counter what some might thing as as total fault on VA IT Management, I will present that many of these rediculous "security" measures are a knee jerk reaction to equally rediculous demands by congress. "You must be secure in a month!" "OK, well we'll go out and buy the first product that promises us the world and then later figure out if it works. As long as the Secretary can report we are compliant." Since the VA, the second largest federal agency out there, reports directly to congress and eventually the prez, It's really not even up to Baker on what his mission is. He's still a pawn. The real underlying problem is not what software to buy but hiring competant IT staff who know how to manage the 1000s of devices that most VA hospitals have. Baker thinks he's getting visability to the desktop, but what if a lazy admin doesn't install the agent on 100 PCs, multiply that by 100s of VA hospitals, no one will know they exist, period. There is no software out there that will tell you about non-compliant systems, at least the VA hasn't bought it. Imagine trying to keep track of over 350,000 PC devices that exist in the VA. What about PCs that are on the shelf being deployed? Unless you run a IP scan every day on 350k+ devices to see if any new device comes online without a client, you loose visability to more and more desktops pretty quickly. Security isn't technology, it, time and time again, comes back to real living breathing people and their responsibility. Guess what, those people aren't perfect so don't go telling congress you got the security problem fixed Baker, cause there will be more lost laptops, drives ect in the future, until you can brainwash every IT worker or user for that matter, with acceptable behavior.

Mon, Sep 20, 2010 VACO VACO

THE VA's security approach fails to consider business requirements most of the time. Since the laptop debacle, VA's security regime has dictated security to the VA and has failed to deliver time and again. While thye can claim better security (sort of), they have had significant negative impacts upon VA business processes. Security is used as a synonym for 'no'. Security is supposed to be a business enabler not an impediment. IF VA management would taek business requirements first, assess the risks, then find the right solution that is as transparent as technically possible without impacting IT capabilities, they woudl be top of the class. But unfortunately they continue to stumble all over themselves and waste millions of $$$.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above