VA Adds Encryption Software to 15,000 Laptops

The U.S. Department of Veterans’ Affairs installed encryption software on some 15,000 agency-owned laptops over the past two weeks — part of a broad effort to improve information security following last May’s massive data compromise.

The VA is also in the process of supplying government-owned laptops to employees who use their computers to do agency work at home, Robert Howard, VA supervisor of information and technology, told federal lawmakers last week.

Howard detailed the VA’s latest security measures to the U.S. Senate Committee on Veterans’ Affairs during confirmation hearings on his nomination to the new VA post of assistant secretary for information and technology, which would oversee the agency’s newly centralized 4,600-person IT operation.

In August, President Bush nominated Howard, who has been supervisor of the VA’s IT office since May. If confirmed, he will be the first CIO-level executive at the agency to be an assistant secretary.

So far, encryption software has been installed on all but about 100 VA laptops, Howard said. The software is used to prevent the misuse of sensitive data, he said.

The agency is working with its hardware suppliers and encryption software vendors — GuardianEdge Technologies Inc. and Trust Digital Inc. — to sort out technology issues that have prevented the encryption software from being installed on the remaining systems, Howard said.

VA officials in August announced plans to spend $3.7 million to install data encryption software on the department’s laptops, desktop computers and portable storage media, such as flash drives and CDs.

The encryption measures are part of a broad security effort undertaken by the VA following the May breach, which caused sensitive data of more than 26.5 million veterans to be exposed. The data was stored on a laptop computer that was stolen from a private residence and later recovered. Investigators said there was no evidence the data was ever actually accessed.

Since then, the agency has also installed tools to manage and restrict use of USB storage devices, such as memory sticks, on VA systems, Howard said.

An agencywide security assessment program has so far yielded a 322-item action plan that Howard called a “living document that will guide our work.” He added that “its successful implementation is without doubt my highest priority.”

Andrew Jaquith, an analyst at Yankee Group Research Inc., said the VA appears to be on the right track to improve its operations.

Over the long term, Jaquith suggested, the agency should consider moving sensitive data off laptops entirely. Encryption alone is “a bit like supplying a drunkard with terrific hangover medicine rather than telling him to stop drinking,” he said.

Copyright © 2006 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon