Lawmakers tear into VA head after massive breach
Lawmaker calls for Nicholson's resignation as costs mount
IDG News Service - U.S. lawmakers on Thursday ripped into the U.S. Department of Veterans Affairs for a massive data breach announced this week, with one congressman calling for the resignation of the agency's leader.
The cost of fixing the data theft, involving the unencrypted personal records of 26.5 million veterans and their spouses, could cost "way north of $100 million" to fix, said VA Secretary R. James Nicholson, while speaking to the House Veterans' Affairs Committee. Asked what assurances he could give to veterans who could need help fixing credit problems or recovering lost money, Nicholson said he didn't know, without authorization from Congress.
Rep. Bob Filner, a California Democrat, questioned Nicholson's commitment to take responsibility for the data theft, which included Social Security numbers and information on health conditions. Filner and other members of the House Veterans' Affairs Committee also questioned why the VA waited until Monday to announce the data theft, which happened during a May 3 break-in of a VA analyst's home.
Nicholson's explanations about the incident were "incredibly bureaucratic," Filner said, in the first of two congressional hearings VA leaders faced Thursday.
"You said, 'I take responsibility,''' Filner said. "The most dramatic thing to do to take responsibility is resign. You tell [veterans], 'If you have any problems, call your credit bureau, call your bank.' Where is your responsibility in all this?"
VA Deputy Secretary Gordon Mansfield failed to tell Nicholson of the theft for 13 days, the secretary said. Nicholson is still reviewing disciplinary actions for Mansfield, the analyst who took home the data and others at the VA involved, he said.
Nicholson called the theft "devastating" and said the failure of employees to notify him of the theft shows serious problems at the VA. "As a veteran myself, I must tell you I was outraged," he said.
Committee Chairman Steve Buyer , an Indiana Republican, said the "intolerable" incident is part of a long history of VA officials resisting change in its IT infrastructure and its cybersecurity efforts. "I believe there's a damaged trust, angered veterans and their families, and there are systematic flaws," Buyer said.
Buyer suggested the agency offer a $1 million reward for the recovery of the missing data. "That million dollars is nothing compared to what we're about to spend" to fix the VA problems, he said.
The agency has received an F grade in four of the past five years on an annual cybersecurity review by the House Government Reform Committee.
So far, there's no indication that the stolen data has been used in identity theft schemes, Nicholson said. The VA has declined to give out details about the break-in, including the storage media, because the thieves may not know they have the data, he said.
- Agility & Scalability for Oracle EBS R12 and RAC on VMware vSphere 5 This white paper outlines extensive performance and scalability testing of Oracle EBS applications on a Vblock™ Systems with vSphere 5.
- Oracle and VCE: The Next Step in Integrated Computing Platforms In this ESG Lab review you will learn how a VCE system driven by Oracle, delivers the perfect blend of high performance and...
- Migrate Oracle Apps from RISC/UNIX to Virtualized x86 Ready to move Oracle to a virtualized environment? This brief explains how true converged infrastructure can help you migrate from a RISC/UNIX environment...
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Legal White Papers | Webcasts