VA Finds it Hard To Say 'Terminate'
Despite rules and regulations requiring contractors to encrypt data on laptops, 578 vendors have refused to abide by this common-sense approach to protect veteran data, as I <a href= http://www.nextgov.com/nextgov/ng_20100513_1937.php>reported</a> last week.
Despite rules and regulations requiring contractors to encrypt data on laptops, 578 vendors have refused to abide by this common-sense approach to protect veteran data, as I reported last week.
Reps. Steve Buyer, R-Ind., and Phil Roe, R-Tenn., expended a lot of effort on Wednesday at a hearing on information security at the Veterans Affairs Department trying to get Jaren Doherty, associate deputy assistant secretary for information protection and risk management at the VA; Jan Frye, deputy assistant secretary for acquisition and logistics at the Office of Acquisition, Logistics and Construction; and Frederick Downs Jr., chief procurement and clinical logistics officer, to say what action, if any, they intended to take against vendors disinclined to adhere to VA security policies.
Buyer and Roe also wanted to know if the VA planned to take action against a contractor who had a laptop stolen that contained personal information on 644 veterans.
After an exasperated Buyer said he detested the finger pointing and bureaucratic wrangling on this simple question, Frye finally said if any of those 578 vendors remained recalcitrant, VA could terminate the contracts.
Frye also said VA has sent a show cause letter to the vendor that lost the laptop that contained veteran information and may terminate the contract.
Buyer, who praised VA Chief Information Officer Roger Baker at the hearing for taking ownership of a problem that was not of his making, said the department's latest data breach resulted from a flawed procurement system at the agency, not a problem in the VA IT shop headed by Baker.
"I have long held concerns over the procurement contracting process at VA," Buyer said. "It is highly decentralized, with limited contract review or oversight. I hope that this incident will serve as a wakeup call to VA, and I hope that we can now have a serious discussion about reforming VA's broken procurement system."
Roe identified the contractor which had its laptop stolen as Heritage Health Solutions, based in Flower Mound, Texas. Michael Kussman, who served as undersecretary of health at VA until he resigned in April 2009, serves on Heritage Health's advisory board.
The company has not responded to e-mails I sent on May 13 and again on Wednesday containing questions about the stolen laptop.
NEXT STORY: The missing ingredient in cybersecurity