VA Computers Remain Unencrypted, Years After Breach

Published: 22/11/2024   Category: security




Report faults IT managers for 6-year delay in adopting security measures.



Following a high-profile data breach six years ago, the U.S. Department of Veterans Affairs spent almost $6 million on encryption software for its PCs and laptops. But an investigation by the department's inspector general determined that the encryption software has been installed on only 16% of its computers.
In the spring of 2006, an unencrypted external hard drive with personal information on 26 million veterans was stolen from the home of a VA employee. The department was forced to notify veterans and provide credit monitoring, at a cost of $20 million. In response to the security lapse, VA secretary James Nicholson mandated that all of the department's PCs and laptops be protected by encryption software.
The VA, in a deal with federal contractor Systems Made Simple, spent $2.4 million in 2006 for 300,000 licenses of GuardianEdge encryption software. The department spent an additional $1.2 million between 2007 and 2011 on maintenance agreements for 300,000 licenses, plus $2.3 million in 2011 for additional licenses and a two-year extended maintenance agreement. GuardianEdge was acquired by Symantec in 2010.
But an anonymous tip, left 12 months ago on the VA's complaint hotline, alleged that the software was not being widely deployed, prompting an investigation. The IG found that the encryption software was installed on only 40,000 computers.
The IG report faulted the VA's Office of IT for inadequate planning and management of the project, citing a failure to allow time to test the software on VA's computers and to monitor the software's installation and activation. The agency encountered incompatibilities between the encryption software and its desktop PCs, causing it to postpone the software installation until it could standardize its PCs.
As a result, 335,000 licenses remain inactive, leaving an equal number of agency PCs unprotected. Veterans' data remained at risk due to unencrypted computers, according to the Oct. 11 report.
By way of explanation, the VA's Office of IT, which has more than 5,000 employees, pointed to conflicting priorities, including the department's transition from Windows XP to Windows 7 and a cultural transformation tied to the implementation of its Continuous Readiness in Information Security Program.
As recently as August, the Office of IT had not provided a timeframe for completing installation of the encryption software, and it was still assessing whether the encryption software would be compatible with the agency's PC operating systems. The VA now plans to include the encryption software as part of its Windows 7 rollout, with completion targeted for September 2013, according to the IG.