Lawmakers tear into VA head after massive breach
Lawmaker calls for Nicholson's resignation as costs mount
IDG News Service - U.S. lawmakers on Thursday ripped into the U.S. Department of Veterans Affairs for a massive data breach announced this week, with one congressman calling for the resignation of the agency's leader.
Fixing the data theft, which involved the unencrypted personal records of 26.5 million veterans and their spouses, could cost "way north of $100 million," said VA Secretary R. James Nicholson, while speaking to the House Veterans' Affairs Committee. Asked what assurances he could give to veterans who could need help fixing credit problems or recovering lost money, Nicholson said he didn't know, without authorization from Congress.
Rep. Bob Filner, a California Democrat, questioned Nicholson's commitment to take responsibility for the data theft, which included Social Security numbers and information on health conditions. Filner and other members of the House Veterans' Affairs Committee also questioned why the VA waited until Monday to announce the data theft, which happened during a May 3 break-in of a VA analyst's home.
Nicholson's explanations about the incident were "incredibly bureaucratic," Filner said, in the first of two congressional hearings VA leaders faced Thursday.
"You said, 'I take responsibility,'" Filner said. "The most dramatic thing to do to take responsibility is resign. You tell [veterans], 'If you have any problems, call your credit bureau, call your bank.' Where is your responsibility in all this?"
VA Deputy Secretary Gordon Mansfield failed to tell Nicholson of the theft for 13 days, the secretary said. Nicholson is still reviewing disciplinary actions for Mansfield, the analyst who took home the data, and others at the VA involved, he said.
Nicholson called the theft "devastating" and said the failure of employees to notify him of the theft shows serious problems at the VA. "As a veteran myself, I must tell you I was outraged," he said.
Committee Chairman Steve Buyer, an Indiana Republican, said the "intolerable" incident is part of a long history of VA officials resisting change in its IT infrastructure and its cybersecurity efforts. "I believe there's a damaged trust, angered veterans and their families, and there are systematic flaws," Buyer said.
Buyer suggested the agency offer a $1 million reward for the recovery of the missing data. "That million dollars is nothing compared to what we're about to spend" to fix the VA problems, he said.
The agency has received an F grade in four of the past five years on an annual cybersecurity review by the House Government Reform Committee.
So far, there's no indication that the stolen data has been used in identity theft schemes, Nicholson said. The VA has declined to give out details about the break-in, including the storage media, because the thieves may not know they have the data, he said.