VA has made progress in data security

The Veterans Affairs Department has made measurable progress in establishing information security controls and a culture of vigilance, a senior VA official said today.

VA has performed 40 percent of the 400 actions it outlined in its action plan in the wake of a major data breach in May 2006, said Robert Howard, the department's chief information officer, at an industry event sponsored by AFCEA International’s Washington, D.C., chapter.

The CIO’s office conducted numerous assessments of aspects of information security, management and technology to determine a baseline and how to prioritize its resources and actions, he said. VA has also introduced stronger controls as part of its plan to improve security and comply with Office of Management and Budget directives for protecting personally identifiable information. Specifically, VA has encrypted all laptop PCs and requires physicians and other partners and contractors who handle sensitive VA data on their own computers to encrypt them, Howard said.

He added that the department has installed applications to monitor ports for unauthorized devices, prevent access to the network if a laptop PC fails to have adequate antivirus protection, and better protect e-mail messages and attachments. The department also directed employees to use only encrypted thumb drives provided by VA.

VA published Handbook 6500 to provide rules of behavior and other data security guidelines for employees and managers. In addition to employing technology to help with data security, VA has used education, training and reminders to change the department’s security culture to one that promotes personal responsibility and accountability, he said.

“Leadership is key in a tough environment. There’s some aggravation associated with the security mandates,” Howard said, adding that vendors are making encryption easier to use.

The 2006 data breach was a wake-up call for VA and all government agencies, he said. Even as VA steadily improves its information security, it’s difficult to escape repeated retellings of its former lapses in information technology security each time an agency loses a laptop PC, he added. In the most recent reported breach, a researcher from the National Institutes of Health had a laptop PC stolen from a locked car trunk last month. It contained information on 2,500 patients involved in a clinical research project at NIH’s National Heart, Lung and Blood Institute. NIH officials said the laptop PC was not encrypted.

“It’s going to happen if you’re careless,” Howard said.

Even as he underscored the progress VA has made in IT security, he said the process has been slow because of the decentralized nature of the department. The 2006 data breach also accelerated VA’s move to a centralized IT organization. Howard now has authority over about 7,000 IT personnel from VA’s health care, benefits and burial administrations, including systems development staff and the headquarters CIO’s office.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group