Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
'Boring' is good news for VA's cyber reports
Friday - 1/28/2011, 5:49pm EST
Federal News Radio
Slow news is good news, at least for the Veterans Affairs Department.
More than four years after a massive data breach that put the personal information of 26 million veterans at risk, VA seems to have learned its IT lesson. VA's assistant secretary for the Office of Information and Technology and chief information officer Roger Baker described his latest data breach report to Congress as "fairly boring."
Congress passed a law in 2006 mandating VA make weekly reports on all data breaches organization-wide. The law followed the burglary of a laptop that contained private information about millions of veterans. Lawmakers have since changed the reporting requirement to monthly.
Even as security incidents have decreased in number and severity, Baker said he hopes VA will continue its reports to Congress.
"I like the fact that VA is setting the pace on this," said Baker in a phone press conference Friday. "I like the fact that it helps us with our transparency and our trust with veterans and with the Hill. And I think it would be good if we can remain on this path so that, down the road, when we do have bad things to report, there's not a question of 'What are you hiding?' We're reporting everything."
Baker credited the reporting requirement with changing the security environment at VA. He said the organization now has a culture of reporting privacy issues, an emphasis on transparency and an independent data breach quarantine to assess security risks.
The latest report to Congress detailed 10 incidents, including mishandled meal tickets, accounts without passwords and stolen computers.
In one case, the stolen computer was recovered using tracing technology called Computrace. VA tracked the disk that had been reimaged and identified the individual who possessed laptop.
Baker said tracking software comes standard on most equipment but VA has not implemented a policy of activating the software. He said in cases where no veteran information is compromised, it becomes a matter of cost of the equipment.
"It is an asset we've got if we have a persistent problem," Baker said. "But in lot of instances, it probably costs more to license software to track down than device is worth."
Baker said even though the reports show a decline in data breaches, he would rather VA continue to over-report than under-report.
(Copyright 2011 by FederalNewsRadio.com. All Rights Reserved.)