Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

VA still struggling with security

From: InfoSec News <isn () c4i org>
Date: Fri, 15 Mar 2002 06:35:16 -0600 (CST)
http://www.fcw.com/fcw/articles/2002/0311/web-va-03-14-02.asp

By Judi Hasson 
March 14, 2002

The Department of Veterans Affairs has taken major strides toward
creating a modern infrastructure but still has a long way to go to
protect its computer systems and sensitive data about veterans,
according to a General Accounting Office report released March 13.

Listing both the good marks and the failing ones, GAO said the agency
has benefited from VA Secretary Anthony Principi's commitment to
strengthening information technology. It has taken key steps to lay
the groundwork for enterprise architecture — a blueprint for its
information systems — and has worked hard to strengthen information
security management.

"However, VA continues to report pervasive and serious information
security weaknesses," the report said.

It also is unclear whether the VA's computer security management
program is strong enough to "protect its computer systems, networks
and sensitive veterans health care and benefits data from unnecessary
exposure to vulnerability and risks," the report said.

The VA has been spending about $1 billion a year on IT for the past
decade. President Bush is seeking $1.35 billion for the agency's IT
budget for fiscal 2003. But some of its systems have problems, and
information security remains the agency's biggest challenge.

"We want to know if the VA is spending IT money wisely," Rep. Steve
Buyer (R-Ind.), chairman of the House Veterans' Affairs Committee's
Oversight and Investigations Subcommittee, said at a hearing March 13.

John Gauss, the VA's assistant secretary for IT, told the panel that
the VA is making progress in several critical cybersecurity areas.  
Among them:

* A VA-wide firewall policy to protect the boundaries of the VA system
  from external attack.

* An antivirus software across the entire department.

Nevertheless, he acknowledged that the VA had not taken advantage of
available technology to ensure continuity of operations in the event
of a disruption.

"There is much to be done in this area," Gauss said.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: