Gulf War Vets Home Page

Firm Hired to Improve VA Security

By DAVID DISHNEAU
Associated Press Writer
http://www.newsday.com/news/nationworld/wire/sns-ap-vets-data-security,0,1154887.story?coll=sns-ap-nationworld-headlines

January 17, 2007, 8:57 PM EST

HAGERSTOWN, Md. -- The Department of Veterans Affairs will pay a defense contractor millions of dollars to help the agency improve data security after the theft last year of a computer packed with personal information, company officials said Wednesday.

The project, focusing on the behavior of the department's 235,000 workers, is part of the VA's effort to better protect sensitive information after a laptop computer and external drive containing the personal information of about 26.5 million veterans and military members was stolen last spring.

Maryland-based Engineering Systems Solutions Inc. and subcontractor Dreifus Associates Ltd. Inc., of Maitland, Fla., will work on the five-year contract, which is worth $2.3 million in the first year and an undefined amount for the rest, said Laura Nash, director of strategic consulting at Engineering Systems Solutions.

They will look for effective data-protection practices in the health care and finance industries and in other government agencies, and help the VA implement similar measures, she said.

"A lot of it is really a people issue," Nash said. "People want to do the right thing, but we can all be a little careless sometimes. We can all be a little bit more careful."

The VA computer taken from an employee's home in May was recovered with no data accessed, the agency said. The episode focused attention on the vulnerability of portable devices containing huge amounts of sensitive information.

The department says it has since trained all employees in the proper handling of sensitive data and installed encryption programs on all laptops. It spent at least $80 million on computer security in the fiscal year that ended Sept. 30 and plans to increase that amount this year, spokeswoman Jo Schuda said.

"It needs to become part of someone's subconscious that as they go through their day-to-day routine, they automatically take the necessary steps to protect personal data," Nash said.

Such steps include using encryption when e-mailing sensitive data, logging off one's computer when leaving one's desk and, "as part of changing the culture, getting people to think twice" about taking work home, she said. "Do they really need to take this data home? Is there another way of getting this work done without having to have any kind of potential compromise?"