Oversight

Latest breach at VA has Congress asking more questions

privacy keyboard

The latest data breach at the Department of Veterans Affairs -- this one exposing thousands of veterans' personally identifiable information in a mid-January software glitch -- has Congress again questioning the agency about its IT security practices.

The Jan. 15 breach occurred when a bungled software update to VA's eBenefits system exposed at least 5,300 veterans' medical and financial information to the public, prompting House Veterans Affairs Committee Chairman Jeff Miller (R-Fla.) to seek answers from VA Secretary Eric Shinseki on Jan. 24.

Miller's letter requests detailed answers to 18 questions regarding the breach by Jan. 31. VA officials have attributed the mishap to a "software defect."

Miller's questions include how VA "identified and addressed the eBenefits 'software defect,'" whether anyone was penalized for failing for safeguard veterans personally identifiable information and how VA expects to prevent similar "software defects" from occurring in the future.

"Unfortunately, these types of breaches continue to occur on a regular basis at the VA despite VA's multiple assurances that its systems are secure," Miller stated. "The agency's information systems, including the eBenefits portal, continue to be afflicted by persistent information security weaknesses. Recognizing the importance of securing veterans' personal information, and minimizing the risk of serious consequences such as identity theft or other fraudulent activity, the Committee expects VA to take all steps necessary to strength security and privacy of the eBenefits portal."

Miller's letter is the tenth formal request for information from the Veterans Affairs Committee or one of its subcommittees since Oct. 22 regarding VA IT security procedures. VA's only response thus far was a preliminary answer to the committee's Oct. 22 letter, but the response from CIO Stephen Warren did not "sufficiently answer" all the questions posed in that inquiry, according to a Capitol Hill source.

Since June 2012, VA has 111 outstanding requests for information from Congress, including the eight made in October and November following revelations of multiple data breaches compromising VA networks since 2010.

Those inquiries were due in early November and are more than two months overdue, despite the VA Office of Information Technology allocating significant resources to responding to them. While VA's status regarding IT security is not clear, what is clear at the moment is that members Congress are growing increasingly frustrated with VA's delays. Miller has already taken to writing weekly letters to Shinseki calling for information -- an unprecedented step for the committee.

"The leisurely pace with which VA is returning requests -- and in some cases not returning them -- is a major impediment to the basic oversight responsibilities of the committee," a Capitol Hill official with knowledge of the inquiries told FCW on Jan. 14.

VA did not respond to FCW's requests for comment.

About the Author

Frank Konkel is a former staff writer for FCW.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.

Featured

  • FCW @ 30 GPS

    FCW @ 30

    Since 1996, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

  • Shutterstock image.

    Merged IT modernization bill punts on funding

    A House panel approved a new IT modernization bill that appears poised to pass, but key funding questions are left for appropriators.

  • General Frost

    Army wants cyber capability everywhere

    The Army's cyber director said cyber, electronic warfare and information operations must be integrated into warfighters' doctrine and training.

  • Rising Star 2013

    Meet the 2016 Rising Stars

    FCW honors 30 early-career leaders in federal IT.

Reader comments

Fri, Jan 31, 2014

While few people in VA's IT like Warren, I have to admit that this is kind of funny. The SecVA and Warren must really laugh at the likes of Miller with all his letters and requests. If one thing has been proven, it's that you can blow off Miller and congress and there's nothing they can do about it. Miller, if you want the SecVA or Warren to do anything but shred your requests, you better get a lot tougher with them because they're just mocking you at this point.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group