BILL WOULD TRANSFORM VA CYBERSECURITY -- "You could use this as a model
and move it out to other agencies as quickly as possible."

We have a story from Government Computer News and a press release from the
House Committee on Veterans' Affairs. The only problem with these two pieces
of information is that they speak about credit monitoring. That is now a
moot point since the White House has cancelled credit monitoring for
veterans, claiming that no VA data was lost...that here...
http://www.vawatchdog.org/old%20newsflashes%20JUL%2006/newsflash07-18-2006-10.htm
Story here...
http://www.gcn.com/online/vol1_no1/41380-1.html
Story below:
---------------
Bill would transform VA cybersecurity
By Mary Mosquera, GCN Staff
The House Veterans’ Affairs Committee has drafted legislation to accelerate
improvements in information security at the beleaguered Veterans Affairs
Department following the loss of sensitive data belonging to millions of
veterans, reservists and active-duty service members.
The committee will mark up the proposed Veterans Identity and Credit
Protection Act of 2006 on Thursday, with plans to send it to the House floor
next week, said committee chairman Steve Buyer (R-Ind.).
The legislation would incorporate many of the changes in VA IT security that
federal overseers and industry have recommended in several recent hearings
following the data loss in May. The FBI and local law enforcement have since
recovered the notebook PC and external hard drive and have indicated to VA
that no data was accessed.
At the same time, the General Services Administration told the committee it
has initiated a blanket purchase agreement specifically for credit
monitoring services for federal agencies so they can respond to potential
data compromise quickly and effectively.
GSA last week invited 21 contractors from its Financial and Business
Services Schedule to compete for multiple blanket purchase agreements to
provide three levels of credit monitoring depending upon the risk, said Jim
Williams, commissioner for GSA’s Federal Acquisition Service. Ordering
agencies will be able to select the most appropriate level of credit
monitoring services.
“Federal agencies do not have the luxury of time to embark upon a prolonged
procurement process of their own,” he said.
Responses to the BPA request are due Monday. Besides credit monitoring, GSA
expects contractors will provide applications to detect early signs of
fraudulent activity and identity theft, services for reporting lost or
stolen Social Security numbers to the three national credit bureaus, and for
requests for fraud alerts and statements on all credit files.
GSA plans to make awards in August and expects several agencies to begin
placing orders immediately, Williams said.
Lawmakers hope the legislation could be implemented quickly to prevent some
of the situations that would require those credit monitoring services. VA
should be able to implement the provisions of the bill within six months,
said John Gauss, a former VA CIO and currently president of FGM Inc. of
Reston, Va.
“You could use this as a model and move it out to other agencies as quickly
as possible,” he told the committee.
When Gauss was CIO, he convinced the secretary to centralize the IT
environment but it got dragged down in the department concurrence process,
he said.
“I am an advocate of change, even if there is collateral damage in the
beginning. Otherwise, the advocates of no change will drag this out. It’s
time to strike and strike fast,” Gauss said.
Among the VA cybersecurity bill proposals, it would make the department CIO
also the undersecretary of information services, which would give the
position a seat at the executive table with the other undersecretaries who
lead VA’s health, benefits and burial administrations.
The bill would also create the Office of the Undersecretary for Information
Security, which would contain three deputy undersecretaries for operation
and management, policy and planning, and security. The last undersecretary
would also serve as the department’s senior information security officer. It
also details response to data breaches, risk analysis and notification and
credit monitoring services for those affected.
---------------
House CVA press release here...
http://www.vawatchdog.org/housecvanews/housecvanews07-18-06.htm
Press release below:
---------------
Bipartisan bill secures personal information, bolsters VA’s IT ‘backbone’
Washington, D.C. — Bipartisan legislation to improve information security at
the Department of Veterans Affairs (VA) received broad approval in testimony
today from former VA chief information officers, veterans’ advocates and
legislators who had previously submitted their own proposals. The
legislation requires prompt, veteran-friendly responses to data breaches
that include free credit monitoring and insurance and ultimately strengthens
VA’s information management backbone.
“On May 25, we began a series of hearings to learn why the VA data breach
occurred, what we can do to prevent its recurrence and how we can help any
veteran harmed by data theft,” said Veterans’ Affairs Committee Chairman
Steve Buyer (R-Ind.) after a hearing that examined legislation drafted by
the committee in cooperation with the House Committee on Government Reform.
“This bipartisan bill enables VA to help ensure veterans the peace of mind
that their personal data is secure.”
The bill, slated to be marked-up Thursday, defines responsibilities within
VA for the regular reporting of the department’s adherence to federal
information security standards. It requires prompt reports of all future
breaches to both federal authorities and to veterans whose information may
be compromised. Affected veterans would be notified by VA and at their
request would be provided guidance on available services ranging from credit
reporting, freezes and alerts, to insurance against financial loss
associated with theft. Veterans would be offered free credit counseling on
the merits and any liabilities of the options available to them.
“A breach involving a single veteran’s information is a serious incident and
we will treat it that way,” said Buyer. “We will go quickly to the veteran
with full disclosure and with solutions in the event of a breach. The burden
will be on the government to offer veterans effective and prompt remedies.”
The bill’s language complements a directive issued by VA Secretary R. James
Nicholson on June 28, that gave the department’s chief information officer
(CIO) centralized authority over all departmental information management.
The bill would elevate the CIO to the position of under secretary for
information services, the same level as the under secretaries who run VA’s
health, benefits and memorial affairs administrations.
The elevation would strengthen the CIO’s ability to ensure adherence to
federal policy. The under secretary would be aided by deputy under
secretaries for security, operations and management, and policy and
planning. Testimony during the committee’s June hearings revealed critical
weaknesses in each of these areas, caused as much by a dysfunctional culture
as by organizational flaws.
“Information security is a challenge that requires our continued stewardship
as we work with VA to centralize its information management system,” said
Buyer, referring to persistent internal and external opposition that has
obstructed reform and left veterans vulnerable to fraud.
Language in the bill reflects recommendations drawn from proposals made by
members of Congress since the May 3 data theft. Proposals included
requirements that VA notify veterans of data loss and provide free credit
monitoring. Responding to another proposal, the draft bill directs VA to
determine the feasibility of using personal identification numbers instead
of Social Security numbers to identify veterans using its system. Buyer,
agreeing with much in these proposals, also called for credit insurance as
well as monitoring.
“I appreciate the aggressive and bipartisan manner in which the committee
has worked on this important issue,” said the committee’s acting ranking
member, Bob Filner (D-Calif.). “I am confident that we can produce a bill
that will reflect our commitment to protecting veterans’ sensitive
information, provide essential services in the event of a data breach and
address the cavalier manner in which the May 3rd breach and others have been
handled by the VA.”
“The bipartisan work within our committee and with Chairman Davis of the
Committee on Government Reform and Ranking Member Waxman has paid off in a
strong bill that protects veterans,” Buyer said, referring to Thomas M.
Davis (R-Va.) and Henry A. Waxman (D-Calif.). “I look forward to bringing
this to a vote in the House and seeing the Senate act quickly so that we can
move this legislation to the President.”
---------------
Larry Scott