Printer Friendly Page
VA INSTALLS ENCRYPTION SOFTWARE ON THOUSANDS OF
COMPUTERS -- VA attempting to better protect
sensitive information against misuse.
Story here...
http://www.govexec.com/dailyfed/0906/092606p1.htm
Story below:
---------------
VA installs encryption software on
thousands of laptops
By Daniel Pulliam
dpulliam@govexec.com
The Veterans Affairs Department installed encryption software on nearly
15,000 laptop computers during the past two weeks in an attempt to
better protect sensitive information against misuse, officials told
lawmakers Tuesday.
In testimony before the Senate Veterans' Affairs Committee, Robert
Howard, the department's acting chief information officer, said this
represents most of VA's laptops. He said his office was unable to
encrypt some computers because they would not accept software from
GuardianEdge, a San Francisco-based data security company.
But that affected fewer than 100 laptops, Howard said, and the
unencrypted machines will not be used until they are properly secured.
Howard updated the committee on the status of VA encryption efforts
during his confirmation hearing. He was nominated in August to fill the
spot on a permanent basis.
VA awarded a $3.7 million contract to Syracuse, N.Y.-based Systems Made
Simple Inc. to encrypt department computers and portable media, such as
mobile e-mail devices, flash drives and CDs. When the contract was
announced, officials said the department would encrypt all laptops by
Sept. 15.
VA also is working to provide agency-owned computers to employees who
currently use their personal machines for work purposes. Howard said the
agency plans to wait for fiscal 2007, which begins Oct.1, because of the
cost. In the meantime, employees who use their personally owned
computers for work have been informed that they are required to protect
any sensitive information.
"If you have to use a computer in your work and right now you're using a
personally owned item, we want to issue you a government piece of
equipment that we can control," Howard said.
He added VA is conducting an inventory to get an idea of the cost of
replacing what could potentially be thousands of personally owned
computers, many of them used by the Veterans Health Administration's
doctors.
VA can track when employees log on to its network from personally owned
computers, but cannot require the installation of security patches or
see what employees are working on, Howard said.
"Is there vulnerability there? Sure," Howard said. "As long as we can't
have full control of that device, there will be vulnerability and it's
something we must correct."
Accomplishing VA Secretary James Nicholson's goal of making the
department the "gold standard" for the government in information
security will entail completing 322 actions listed in the department's
Data Security-Assessment and Strengthening of Controls Program, Howard
said.
A document outlining the status of those actions indicates that the
Veterans Health Administration and the Veterans Benefits Administration
have yet to finish assessing their contractors' IT activities. The
document also states that the VA is 20 percent finished implementing
standardized IT directives and 27 percent of the way toward enhancing IT
management security controls.
VA officials also are working to fill 500 full-time positions created in
the department's IT reorganization aimed at centralizing control over
technology networks, Howard said.
Howard's testimony before the committee was well received by the three
senators who questioned him, including Larry Craig, R-Idaho, chairman of
the committee. Craig said he expects the full Senate to vote on the
nomination by the end of the week. The committee is expected to vote
Wednesday.
---------------
Larry Scott
