VA to certify project security
Program managers will sign a contract certifying that they have installed security with every project
The new cybersecurity chief at the Department of Veterans Affairs says program managers will be asked to sign a contract certifying that they have installed security with every project they build.
Bruce Brody, the associate deputy assistant secretary for cybersecurity, said in an interview Aug. 20 that the new policy is necessary because security is one issue that tends to "slip."
"We are setting in place system security requirements," he said. "There's a lot of independent action going on.... It's the renegades. It's the people who can put an uncertified network up there."
Brody also said new rules for telecommuting would be published for VA employees. Not long ago, a worker in the Midwest using a home computer transmitted a virus to VA headquarters when he connected to his office.
The policy will require workers to use a computer strictly dedicated to VA work, he said.
Writing in the June/July 2001 issue of the VA newsletter, VAnguard, Brody said the VA has a long way to go to tighten security.
VA information systems and networks are "so deficient in basic security protections that they represent a material weakness in our ability to provide timely, reliable services to those who rely on our service," he wrote. "There is also material weakness in our ability to protect the confidentiality, integrity and availability of the private information we maintain about those people to whom we provide services."
NEXT STORY: Letters to the editor