The Packet Rat | Once more, unto the breach
The Rat has finally found a silver lining in the recent loss of veterans' data in the laptop theft that has disgraced the Veterans Affairs Department. 'At least I've got a shot at collecting $1,000 from that class-action suit,' he said to his colleagues as they prepared for their own laptop security audit.
Just how an analyst at VA thought it was a good idea to bring home the personal data of millions of veterans'and then leave it home to be stolen'is certainly a question on the minds of many in government these days.
Sure, VA isn't unique in its faux pas'the recent thefts of laptops that held data from Hotels.com customers and the Fidelity retirement account data of Hewlett-Packard Co. employees come immediately to mind. But the scale of the loss'the records of 26.5 million, including 80 percent of all active-duty personnel'is a snafu only possible in the government.
'That's, like, 10 percent of the population of the U.S.,' said one of the Rat's minions after a quick consultation of Google.
'Even the most inept companies don't let employees carry around information on practically every customer they've ever had,' the Rat reflected. 'Especially customers accustomed to acting as organized units.'
So far, the only name tied to the scandal at VA is that of the unnamed analyst's supervisor, deputy assistant secretary for policy Michael McLendon, who has been forced to step down. The 60-year old GS-14 who took the data home has been fired as well, but his identity has not been revealed. 'We'll just call him Guy Fawkes,' the whiskered one suggested. 'It'll save us money on effigies.'
Why an IT specialist brought so many records home to work on has lots of conspiracies brewing. Some veterans' groups believe McLendon was having the data analyzed to find ways to reduce veterans' disability and medical benefits. McLendon worked on a task force in 2004 that focused on getting veterans back to work, or as the agency-watcher Hugh Cox put it on the site VAWatchdog.org
, 'make-work jobs, not benefits.'
Regardless of what the intent was, the wirebiter is taking this particular breach of protocol very personally, being a veteran like many of his fellow feds. It's also given him extra ammo in his daily struggle to convince people at his own agency to treat his data security manifestoes more seriously.
'Heck of a way to get a teaching moment, though,' his desktop support tech smirked. 'Maybe they could have just lost a hard drive with nuclear test data behind the refrigerator, like everyone else.'
Nonetheless, as VA prepared for its Security Awareness Week, the cyberrodent suspected that this would not be the last time events offered an opportunity to train users' attention on the importance of guarding sensitive data. Like the aftermath of all of the past safety stand-downs and policy crackdowns, the artificially enhanced vigilance will only last so long.
But the financial slap of a successful lawsuit against VA won't be that easy to forget. And that had the Rat thinking about how to keep vigilance from fading at his own agency.
'Here's a Swiftian proposal,' he told the gathered members of the IT security task force. 'I say that if anybody is found to have left the building with unencrypted Privacy Act data, they should be made to pay off the credit card debt of every person whose name is found on their hard drive.'The Packet Rat once managed networks but now spends his time ferreting out bad packets in cyberspace. E-mail him at firstname.lastname@example.org.