US VA Yet to Implement Security Measures in Computer Networks

U.S. Veterans Affairs Department, still with incomplete implementation of its safety measures, could risk veterans' health information and personal data to identity theft, according to government investigators.

According to the GAO (Government Accountability Office) report released on 19 September 2007, the VA (Veterans Affairs) promised to renew its security initiatives following the leakage of private information belonging to 26.5 Million active and veteran duty personnel.

The GAO found that VA had not completely secured access to its department facilities and computer networks. It had also not ensured for only authorized updates and changes to VA computer applications.

Further, the VA was operating without any chief information security officer since the month of June 2006 to supervise changes. VA also did not have adequate and clear procedures for notifying veterans in case their confidential data got lost, the report said. Since the recommendations have not been implemented, unnecessary risks of data theft prevail, investigators added.

However, according to Gordon Mansfield, VA Deputy Secretary, although he accepted the report's findings, he insisted that VA had secured its data in a 'legally adequate' manner. Several of the recommendations that the VA inspector general and the GAO had put forward for consideration in 2006 were going through their implementation stages, Mansfield added. The networkworld published this in news on 19 September 2007.

There has been a total revision of the security systems at VA, said Jim Nicholson, VA Secretary. He believes this reorganization, and the strengthening and modification of VA's regulations controlling IT, its execution, and its safety would minimize data loss in the coming days. Apgoogle published this on 19 September 2007.

In the meantime, the GAO admitted that the VA has progressed in the development of planned rectification of weaknesses it identifies in its IT system, which required privacy and security training to VA employees, and furnishing the VA secretary with regular reports.

But as there is a split in the supervisory responsibility of security for VA data among various offices with no clear system for joint working of the officials, significant gaps remain, according to the GAO.

Related article: US Passes Baton to Asia in Spam Relay

» SPAMfighter News - 10/4/2007