House VA Committee Continues Oversight of VA Information Technology Security
Washington, D.C. - Bob Filner (D-CA), Chairman of the House Committee on Veterans' Affairs, held a hearing on Wednesday to continue vigilant oversight of information technology (IT) management at the Department of Veterans' Affairs (VA).
"Our charge is to ensure that while the VA is carrying out its mission, it does so with the best and most up-to-date technology the 21st century provides, while securing that technology from outside manipulation and preventing improper disclosure of our veterans' confidential information," said Chairman Filner. "At the same time, the VA must continue to foster the creativity and innovation that has put it at the forefront of medical care. These are not easy tasks, but I believe that the VA can simultaneously provide our veterans the greatest security while driving innovation in the field."
In October 2005, VA began a major information technology transformation and consolidation in the realm of information privacy and security. A 2006 security breach focused the attention of veterans and Congress when a laptop containing personal data of millions of veterans was lost. In December 2006, Congress directed VA to implement a centralized IT security program, provide credit monitoring to veterans whose private information was disclosed and provide Congress immediate reports of any significant disclosure of personal information. The realignment program is predicted to be completed by July 2008.
"Centralization of the entire VA IT function is a complicated task that cannot be done overnight and requires careful management and oversight," said Chairman Filner. "I am heartened by many of the steps the VA has undertaken, but remain concerned that more should be done, and could be done faster."
The Government Accountability Office reported on VA's efforts in a June 2007 report. In the report, GAO stated that the VA had not yet fully secured access to its computer network and department facilities. While the report showed a commitment from senior leadership, the GAO reported that the VA had not made progress on a number of actions critical to the successful achievement of the goals of the reorganization. A September 2007 GAO report on VA's Information Security made 17 recommendations to the Secretary of the VA aimed at improving the effectiveness of VA's efforts to strengthen information security practices. VA stated that it generally agreed with the recommendations and has implemented or is working to implement them.