VA conducts security review of laptop PCs, bars nondepartment PCs from VPN

The Veterans Affairs Department has ordered a security review of every laptop computer at the VA and has banned employees from connecting any employee-owned computers to the VA virtual private network (VPN), VA Secretary James Nicholson said in a hearing at the House Committee of Government Reform today.

Nicholson was called to testify in the wake of the theft of a laptop that contained VA records on 26.5 million veterans. The laptop was stolen from the home of a VA data analyst. Nicholson said he has suspended the practice of permitting employees in the Veterans Benefit Administration from removing claims files from office computers and working on them at home.

The VA has also started a departmentwide security review of every laptop to ensure that all antivirus and security software is current. That review will include the removal of any unauthorized information or software on department laptops. The VA will also change security settings for its VPN every day, Nicholson said.

With the release this week of a new directive, “Safeguarding Confidential and Privacy Act-Protected Data at Alternative Work Locations,” the VA has also re-enforced its information security policies for teleworkers, Nicholson said.

This directive, he added, informs all employees that failure to comply with VA information security policy may violate federal law, with the possibility of civil or criminal penalties for violations.

To reinforce the importance of information security, Nicholson said every VA facility and office in the country will stand down for a “Security Information Week” beginning June 26. This will permit managers to review security and reinforce privacy obligations and responsibilities with their staff, Nicholson said.

Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.