Veterans Affairs sweats under security spotlight

Veterans Affairs sweats under security spotlight

By Tony Lee Orr

GCN Staff

SEPT. 22'Reports from the Veterans Affairs Department's inspector general and the General Accounting Office yesterday revealed computer security holes at the government's largest civilian agency.

IG contractors conducting penetration tests took over Veterans Benefits Administration systems last year and succeeded in finding sensitive medical and financial data for about 3.2 million veterans, said Michael Slachta Jr., VA's assistant inspector general for auditing.

'We are unaware of any successful hacking attempt' at the Hines regional office near Chicago, a VBA news release on the matter stated. 'We have recently initiated multiple protective measures based on the penetration testing conducted as a part of the audit.'

The IG findings repeated what has become a litany of security woes at many VA and branch administration sites: poor password selection, inadequate security training, failure to update user access information and lack of management oversight into user activities.

A workaround measure designed to increase productivity helped three VA employees embezzle $1.3 million by exploiting the control weaknesses created by the workarounds, Slachta said.

At some regional offices, individual users were given multiple passwords under multiple identification numbers for simultaneous access to various VBA processes, Slachta testified. The move defeated controls intended to promote separation of duties and prevent fraud or program abuse, he said.

Last week, the House Government Reform Subcommittee on Government Management, Information and Technology gave the VA a D grade for its computer security efforts.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.