Hired hacker invades VA

A private security company hired by the Department of Veterans Affairs'

inspector general broke into VA computer systems to show that the agency

needs to work harder on securing sensitive data, according to testimony

delivered to Congress today.

The audit, by PricewaterhouseCoopers, found numerous weaknesses in the

firewalls at the Veterans Benefits Administration and the Veterans Health

Administration, where confidential health and benefits records are stored.

"The security problems VA faces are serious," said Rep. Corinne Brown

(D-Fla.), ranking member on House VA Committee's Oversight and Investigations

Subcommittee. "They represent an open door to the U.S. Treasury."

In testimony prepared for delivery to subcommittee, assistant IG Michael

Slachta Jr. said the holes in the VA's security system make the agency's

programs and financial data "vulnerable to destruction, manipulation and

fraud," Slachta said.

Among the weaknesses, he said:

* Passwords were not changed often enough, and words were used that

could be easily guessed.

* Physical security at the main computer room was inadequate.

* New employees were not properly trained.

Security problems continue to exist because the VA has not implemented

an integrated security management program, and the VHA has not effectively

managed computer security at its medical facilities, according to Joel Willemssen,

director of the civil agencies information systems at the General Accounting

Office.

"Financial transaction data and personal information on veterans' medical

records continued to face increased risk of inadvertent or deliberate misuse,

fraudulent use, improper disclosure or destruction," Willemssen said in

his prepared testimony.

However, "It wasn't all bad news," VBA chief information officer K.

Adair Martinez said during the hearing today, "There were two [real] hacking

attacks last week on the VBA system, and they were both detected and prevented."

This is not the first time that the VA has been criticized for lax security.

For several years, Congress has complained that the VA has not taken the

right steps to protect electronic data and failed to properly track the

more than $1 billion it spends each year on technology — a requirement of

the 1996 Clinger-Cohen Act.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.