Lawmakers tear into VA head after massive breach
Lawmaker calls for Nicholson's resignation as costs mount
IDG News Service - U.S. lawmakers on Thursday ripped into the U.S. Department of Veterans Affairs for a massive data breach announced this week, with one congressman calling for the resignation of the agency's leader.
The cost of fixing the data theft, involving the unencrypted personal records of 26.5 million veterans and their spouses, could cost "way north of $100 million" to fix, said VA Secretary R. James Nicholson, while speaking to the House Veterans' Affairs Committee. Asked what assurances he could give to veterans who could need help fixing credit problems or recovering lost money, Nicholson said he didn't know, without authorization from Congress.
Rep. Bob Filner, a California Democrat, questioned Nicholson's commitment to take responsibility for the data theft, which included Social Security numbers and information on health conditions. Filner and other members of the House Veterans' Affairs Committee also questioned why the VA waited until Monday to announce the data theft, which happened during a May 3 break-in of a VA analyst's home.
Nicholson's explanations about the incident were "incredibly bureaucratic," Filner said, in the first of two congressional hearings VA leaders faced Thursday.
"You said, 'I take responsibility,''' Filner said. "The most dramatic thing to do to take responsibility is resign. You tell [veterans], 'If you have any problems, call your credit bureau, call your bank.' Where is your responsibility in all this?"
VA Deputy Secretary Gordon Mansfield failed to tell Nicholson of the theft for 13 days, the secretary said. Nicholson is still reviewing disciplinary actions for Mansfield, the analyst who took home the data and others at the VA involved, he said.
Nicholson called the theft "devastating" and said the failure of employees to notify him of the theft shows serious problems at the VA. "As a veteran myself, I must tell you I was outraged," he said.
Committee Chairman Steve Buyer , an Indiana Republican, said the "intolerable" incident is part of a long history of VA officials resisting change in its IT infrastructure and its cybersecurity efforts. "I believe there's a damaged trust, angered veterans and their families, and there are systematic flaws," Buyer said.
Buyer suggested the agency offer a $1 million reward for the recovery of the missing data. "That million dollars is nothing compared to what we're about to spend" to fix the VA problems, he said.
The agency has received an F grade in four of the past five years on an annual cybersecurity review by the House Government Reform Committee.
So far, there's no indication that the stolen data has been used in identity theft schemes, Nicholson said. The VA has declined to give out details about the break-in, including the storage media, because the thieves may not know they have the data, he said.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- The Truth About Virtual Computing for CAD If you're a user of graphics-intensive software such as 3D modeling, simulation and analysis, and visualization, you might be skeptical about moving to...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Simplifying Product Design In A Complex World Product design engineering has moved far beyond the confines of ever-more powerful workstations. Companies can't afford to restrict projects to using only local...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer... All Legal White Papers | Webcasts