VA orders encrypted data to go
Agency awards $3.7 million contract to install software by September
- By Mary Mosquera
- Aug 18, 2006
I have promised America's veterans that I intend to make VA information security a model of data security.'
' VA secretary Jim Nicholson
Every Veterans Affairs Department notebook PC and mobile device will have software to encrypt data by mid-September. This is one of the more significant steps VA secretary Jim Nicholson has promised to better protect agency information after two recent data breaches.
VA awarded a $3.7 million contract to Systems Made Simple Inc. of Syracuse, N.Y., to install encryption products from GuardianEdge Technologies Inc. of San Francisco and Trust Digital of McLean, Va.
SMS will use the Guardian-Edge Encryption Anywhere Data Protection Platform for encryption of hard drives and removable storage devices, and Trust Digital Mobile Edge Device Security for personal digital assistants and smart phones. Combined, SMS will encrypt about 300,000 notebooks and mobile devices.
The Encryption Anywhere platform supports numerous endpoint encryption software applications and integrates with Microsoft Active Directory.
Organizations still can use their existing identity and desktop management infrastructure to protect data stored on notebooks, desktops and removable media, company officials said.
The encryption program is in response to a data breach in May, when thieves stole a notebook and hard drive that contained the personal data of millions of veterans from the home of a VA employee. Law enforcement has recovered the items and arrested two men in the case.
'I have promised America's veterans that I intend to make VA information security a model of data security, and this expedited encryption program is a major step in that direction,' Nicholson said.
In response to the data breach at VA and several other agencies, the Office of Management and Budget in a June memo directed agencies to encrypt data on mobile devices by Aug. 7.
VA also hired ID Analytics Inc. of San Diego to provide data breach analysis to ensure that information contained on computer equipment stolen in May is not compromised.
The company will provide an initial analysis and continue to offer its assessments on a quarterly basis.
ID Analytics will analyze the breach for patterns of suspicious behavior using its ID Network, which applies analytic technology across 3 billion identity elements contributed daily by its members across financial services, wireless, e-commerce, health care, automotive, utility, retail and government.
VA did not have to pay for the data analysis contract, said Karen Stadelmeier, ID Analytics marketing director. The data breach hit close to home, since San Diego, where the vendor is based, is a big military town.
'Our breach analysis service is a gift to the VA. Since we are the only company with this technology and we knew we could help, it was the right thing to do,' she said.Important steps
VA's actions move the department forward significantly, said Sen. Larry Craig, chairman of the Senate Veterans' Affairs Committee.
'These are important steps which should go a long way to making VA the model agency in data security within the federal government,' he said.
Veterans affected by the latest data theft, in which a desktop computer went missing earlier this month from the Reston, Va., offices of subcontractor Unisys Corp., will receive credit monitoring for one year from the vendor. The computer contained personal information on about 38,000 veterans who have sought care from two VA medical facilities in Pittsburgh and Philadelphia.
FBI's Washington field office, VA's inspector general and local law enforcement are conducting the investigation.
Unisys also offered a reward of up to $50,000 for information leading to the recovery of the computer.
Mary Mosquera is a reporter for Federal Computer Week.