Patch management on the way for VA

Patch management on the way for VA

The Veterans Affairs Department expects to roll out an aggressive patch management system over the next year, the department's head of cyber and information security said Wednesday.

The need became apparent during the current waves of worms swamping the Internet, Bruce Brody, associate deputy assistant secretary for cyber and information security, told an audience at a Washington conference sponsored by Unisys Corp.

'We did very well last week in the first round of worm outbreaks,' which began Aug. 11, Brody said. 'This week, with Variant D, we learned that the antivirus side of our house was in good working order, but the patch management side is horrendous.'

Establishing a centralized antivirus program has been one of the successes of Brody's two-year tenure as VA's chief security officer. It is standardized on McAfee antivirus software from Network Associates Inc. of Santa Clara, Calif., and managed by VA's Central Incident Response Capability in Silver Spring, Md.

The success has come despite the fact that no major antivirus product fully meets the department's requirements.

'The problems are primarily in management and reporting,' Brody said. Because of the department's centralized management, 'we require a four-tier hierarchical structure' with the ability to gather data and push updates to departmental, regional, facility and desktop levels. 'That is our primary need.'

After evaluating available antivirus products, 'I told the CEO of McAfee that his product sucked the least,' Brody said.

He said he would re-evaluate antivirus products next year.

Although the antivirus structure protected VA systems from the MSBlaster worm that exploits a remote procedure call vulnerability in Microsoft Windows operating systems, many VA systems were not patched to correct the underlying problem. The Good Samaritan variant that exploits and apparently patches that vulnerability penetrated VA defenses this week. The 'good' worm apparently has no malicious payload, but its aggressive scanning for vulnerable machines can cause network congestion and slow performance.

'This week we got hit pretty hard,' Brody said. 'All the unpatched systems really caused us problems. And we put out the patch as early as July 16,' the day it was released by Microsoft.

About the Author

William Jackson is a Maryland-based freelance writer.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.