GAO report; VA should improve their information security
Yeah, I know, you’re grasping for your chair right now so you don’t fall out of it from the shock. The Government Accountability Office conducted a study which led them to conclude that the Department of Veterans’ Affairs should really do more to protect veterans’ personal information. I could have saved them some money;
The GAO report was released in conjunction with testimony provided by Gregory Wilshusen, GAO director of information security issues, during a March 25 hearing of the House Committee on Veterans Affairs’ Subcommittee on Oversight and Investigations. The panel is considering draft legislation aimed at improving the VA’s information security.
“Information security remains a long-standing challenge for the department,” Wilshusen said in his written testimony. “Specifically, VA has consistently had weaknesses in major information security control areas. For fiscal years 2007 through 2013, deficiencies were reported in each of the five major categories of information security controls as defined in our Federal Information System Controls Audit Manual.”
VA information security control areas that have ongoing weaknesses include access control, configuration management, segregation of duties, contingency planning and security management, according to the GAO report.
So, Congress is drafting a bill. Because the VA can’t tighten their security on their own, apparently, they need Congress to tell them to do something that they should have been doing all along. Things like not allowing employees to leave their laptops unattended in their privately-owned vehicles where the computers can be stolen, along with the PII of millions of veterans. In downtown DC. Who could have seen that coming? Obviously, not the VA, at least not without a Congressional mandate.
So, what, exactly, does the Veterans’ Affairs Department do right? How long before the country comes to the realization that it’s a leadership issue? The VA serves the VA, not veterans.
Category: Veterans' Affairs Department
Well the Chinese are going to be upset big time to hear about this!
Hmmmm. Sounds like some agency is behind the power curve on “data at rest” protection for mobile devices . . . among other things.
The easiest posture to take is to assume that any information given to any government entity will eventually be released to someone who should not have that information. Protect yourself accordingly.
Just turn the contract over to Commander “Cherokee” Phil Monkress at All-Points Logistics.
It’s the VA so the deficiencies are more acutely felt by the fraction of the population who served and are, in its many forms, using VA services. However, I must say that the issue isn’t the VA, it’s the federal bureaucracy as manifest in all of the agencies. It’s a fact of life in the USA: government sucks and the more of it there is, the more it sucks.
+1
This, just think about how great the “security” on the ACA website is and realize as AirCav says this is just another manifestation of how the government views the peasants…the other problem is that typically if the peasants are fat and happy it’s usually not a big deal. Lately however, the peasants have been getting pissed on a bit too much and some of them are starting to growl…
hahahahahahaha…I needed that laugh, because tax season sucks! Gripping my chair…
All I know is if I have to come up with a new password that has the two numbers, two letters, two symbols, blood of a newborn, two capital letters, and cannot in any way resemble the last 50 passwords I created I am going to be pissed.