Firm Hired to Improve VA Security
By DAVID DISHNEAU
Associated Press Writer
http://www.newsday.com/news/nationworld/wire/sns-ap-vets-data-security,0,1154887.story?coll=sns-ap-nationworld-headlines
January 17, 2007, 8:57 PM EST
HAGERSTOWN, Md. -- The Department of Veterans Affairs
will pay a defense contractor millions of dollars
to help the agency improve data security after the theft last year of a computer
packed with personal information, company officials said Wednesday.
The project, focusing on the behavior of the department's 235,000 workers, is
part of the VA's effort to better protect sensitive information after a laptop
computer and external drive containing the personal information of about 26.5
million veterans and military members was stolen last spring.
Maryland-based Engineering Systems Solutions Inc. and subcontractor Dreifus
Associates Ltd. Inc., of Maitland, Fla., will work on the five-year contract,
which is worth $2.3 million in the first year and an undefined amount for the
rest, said Laura Nash, director of strategic consulting at Engineering Systems
Solutions.
They will look for effective data-protection practices in the health care and
finance industries and in other government agencies, and help the VA implement
similar measures, she said.
"A lot of it is really a people issue," Nash said. "People want to do the right
thing, but we can all be a little careless sometimes. We can all be a little bit
more careful."
The VA computer taken from an employee's home in May was recovered with no data
accessed, the agency said. The episode focused attention on the vulnerability of
portable devices containing huge amounts of sensitive information.
The department says it has since trained all employees in the proper handling of
sensitive data and installed encryption programs on all laptops. It spent at
least $80 million on computer security in the fiscal year that ended Sept. 30
and plans to increase that amount this year, spokeswoman Jo Schuda said.
"It needs to become part of someone's subconscious that as they go through their
day-to-day routine, they automatically take the necessary steps to protect
personal data," Nash said.
Such steps include using encryption when e-mailing sensitive data, logging off
one's computer when leaving one's desk and, "as part of changing the culture,
getting people to think twice" about taking work home, she said. "Do they really
need to take this data home? Is there another way of getting this work done
without having to have any kind of potential compromise?"