[ISN] VA still struggling with security

From: InfoSec News (isnat_private)
Date: Fri Mar 15 2002 - 04:35:16 PST

  • Next message: InfoSec News: "[ISN] Tracker Gets A Visit From Hacker!"

    http://www.fcw.com/fcw/articles/2002/0311/web-va-03-14-02.asp
    
    By Judi Hasson 
    March 14, 2002
    
    The Department of Veterans Affairs has taken major strides toward
    creating a modern infrastructure but still has a long way to go to
    protect its computer systems and sensitive data about veterans,
    according to a General Accounting Office report released March 13.
    
    Listing both the good marks and the failing ones, GAO said the agency
    has benefited from VA Secretary Anthony Principi's commitment to
    strengthening information technology. It has taken key steps to lay
    the groundwork for enterprise architecture — a blueprint for its
    information systems — and has worked hard to strengthen information
    security management.
    
    "However, VA continues to report pervasive and serious information
    security weaknesses," the report said.
    
    It also is unclear whether the VA's computer security management
    program is strong enough to "protect its computer systems, networks
    and sensitive veterans health care and benefits data from unnecessary
    exposure to vulnerability and risks," the report said.
    
    The VA has been spending about $1 billion a year on IT for the past
    decade. President Bush is seeking $1.35 billion for the agency's IT
    budget for fiscal 2003. But some of its systems have problems, and
    information security remains the agency's biggest challenge.
    
    "We want to know if the VA is spending IT money wisely," Rep. Steve
    Buyer (R-Ind.), chairman of the House Veterans' Affairs Committee's
    Oversight and Investigations Subcommittee, said at a hearing March 13.
    
    John Gauss, the VA's assistant secretary for IT, told the panel that
    the VA is making progress in several critical cybersecurity areas.  
    Among them:
    
    * A VA-wide firewall policy to protect the boundaries of the VA system
      from external attack.
    
    * An antivirus software across the entire department.
    
    Nevertheless, he acknowledged that the VA had not taken advantage of
    available technology to ensure continuity of operations in the event
    of a disruption.
    
    "There is much to be done in this area," Gauss said.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Mar 15 2002 - 08:00:33 PST