VA still struggling with security
Despite strides toward strengthening IT, the VA still has serious information security weaknesses, GAO finds
The Department of Veterans Affairs has taken major strides toward creating a modern infrastructure but still has a long way to go to protect its computer systems and sensitive data about veterans, according to a General Accounting Office report released March 13.
Listing both the good marks and the failing ones, GAO said the agency has benefited from VA Secretary Anthony Principi's commitment to strengthening information technology. It has taken key steps to lay the groundwork for enterprise architecture — a blueprint for its information systems — and has worked hard to strengthen information security management.
"However, VA continues to report pervasive and serious information security weaknesses," the report said.
It also is unclear whether the VA's computer security management program is strong enough to "protect its computer systems, networks and sensitive veterans health care and benefits data from unnecessary exposure to vulnerability and risks," the report said.
The VA has been spending about $1 billion a year on IT for the past decade. President Bush is seeking $1.35 billion for the agency's IT budget for fiscal 2003. But some of its systems have problems, and information security remains the agency's biggest challenge.
"We want to know if the VA is spending IT money wisely," Rep. Steve Buyer (R-Ind.), chairman of the House Veterans' Affairs Committee's Oversight and Investigations Subcommittee, said at a hearing March 13.
John Gauss, the VA's assistant secretary for IT, told the panel that the VA is making progress in several critical cybersecurity areas. Among them:
* A VA-wide firewall policy to protect the boundaries of the VA system from external attack.
* An antivirus software across the entire department.
Nevertheless, he acknowledged that the VA had not taken advantage of available technology to ensure continuity of operations in the event of a disruption.
"There is much to be done in this area," Gauss said.
NEXT STORY: E-gov misses local connection