VA centralizes security control
VA and other agencies ramp up their information security management strategies
The Department of Veterans Affairs will consolidate its systems security management and budget within the department's Office of the Chief Information Officer.
Starting Nov. 1, all information security policy and operations at the VA will operate out of the CIO office, said Bruce Brody, VA's associate deputy assistant secretary for cybersecurity. He was speaking Oct. 24 at a breakfast sponsored by the Bethesda, Md., chapter of AFCEA International Inc.
The change is not a surprise — VA Secretary Anthony Principi outlined the consolidation of all information technology functions in a memo last August — but the security organization is the only instance where the consolidation is mandatory, Brody said.
The new structure includes approximately 125 people with control over almost $80 million in security investments across the department, he said.
Meanwhile, other agencies are planning to enhance their enterprisewide programs and initiatives during fiscal 2003.
At the Energy Department, new security measures are considered a fundamental part of the 19 cross-functional e-government initiatives developed within the department, said John Przysucha, associate CIO for cybersecurity.
Integrating the management of information security at the Transportation Department into the day-to-day management of programs is a major effort for the coming year, said Lisa Schlosser, associate CIO for IT security at the department. But many specific security initiatives at Transportation will not be able to move forward until the fiscal 2003 funding that is hung up in Congress comes through, she said.
VA is also waiting for funding in order to award several departmentwide blanket purchase agreements for information security services and products, Brody said.
Other planned fiscal 2003 initiatives at VA, the Energy, Agriculture and Transportation departments include:
*VA is about to kick off a new public-key infrastructure authentication and authorization project.
*The Agriculture Department plans to ramp up its certification and accreditation program for information systems, following guidelines from the National Institute of Standards and Technology.
*Energy expects to roll out several PKI-enabled enterprise applications that use digital signatures.
*Transportation will expand departmentwide the incident response center tested at the Federal Aviation Administration.
NEXT STORY: Assembling a model for the budget process