VA probes employee access to sensitive data

Measure is one of several to prevent future data losses

Top officials at the Department of Veterans Affairs recently completed an inventory of all employees who have access to the department’s sensitive data and are analyzing the results. VA Secretary Jim Nicholson ordered the inventory after the May 3 theft of a department laptop PC that contained about 26.5 million records on veterans and active-duty members of the military.

The internal inventory assessed employees’ need for sensitive data and how they accessed the information, such as through paper files, electronic databases or virtual private networks. Nicholson did not say how he plans to use the inventory, but the department will likely winnow the number of VA employees who are authorized to access sensitive data.

Nicholson discussed the VA’s reforms for tightening information security and consolidating information technology programs during a House Veterans’ Affairs Committee hearing. At the June 29 hearing, he announced the recovery of the stolen laptop.

Nicholson has ordered a thorough security review of all VA laptops, including the removal of unauthorized data and a review to determine whether encryption programs are necessary. He asked for recommendations on protecting sensitive data.

“I am convinced that, coming out of a very bad situation, we can make the VA a model for data security in the government and in the country,” Nicholson told the committee.

Despite lawsuits by several veterans groups and grievances filed by labor unions, he said, the VA is moving ahead with steps to tighten internal security, centralize the IT programs of the department’s three administrations and help veterans affected by the data theft. The critics say the VA’s proposed IT centralization plan violates collective bargaining agreements.

Last month, Nicholson established the VA information security program, which will establish standards for accessing VA information systems and require officials to report compliance failures or policy violations immediately. He also ordered annual cybersecurity and privacy awareness training for all VA employees.

Nicholson told the committee that the department has hired an independent special adviser for information security, Richard Romley, a former Maricopa County, Ariz., district attorney.

He also announced that retired Adm. Patrick Dunne is working at the VA as a consultant while awaiting Senate confirmation to become assistant secretary of the Office of Policy, Planning and Preparedness.

The staff shakeup included the resignation of Pedro Cadenas Jr., who was acting deputy assistant secretary for IT. Acting Assistant Secretary Dennis Duffy, who was placed on administrative leave after the data theft, has retired. And the unnamed official whose laptop was stolen from his suburban Maryland home remains on administrative leave, VA spokesman Matthew Burns said.

Alan Paller, director of research at the SANS Institute, said providing the VA CIO with greater authority is very important. But Paller added that Nicholson is between a rock and a hard place because “he’ll never have enough resources to meet the unmeetable [security] requirements” set by Congress and secure the VA’s IT systems.

Meanwhile, the VA’s plan to provide free credit monitoring to veterans affected by the laptop theft, at a projected cost of $160.5 million, is on hold. The department “will make a determination about the proposal once it receives information on the results of the FBI’s more thorough forensic examination of the recovered computer equipment,” Burns said.

About the Author

David Hubler is the former print managing editor for GCN and senior editor for Washington Technology. He is freelance writer living in Annandale, Va.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group