Lawmakers, IG expose further vulnerabilities in VA’s cybersecurity

From: FederalNewsRadio.com 1500 AM

By Jason Miller

Concerns and allegations about the security of the data of tens of millions of veterans at the Veterans Affairs Department run deeper than just a lack of stringent controls over the agency’s systems certification process.

Lawmakers, inspector general auditors and a former VA chief information security officer say nation-state actors have been stealing, and continue to steal, agency data, including emails from Secretary Eric Shinseki. And VA IT officials can’t say how much or what kind of information the hackers are taking because the bad actors are encrypting the data as it leaves the agency’s network.

These allegations and the lack of answers from VA’s acting assistant secretary in the Office of Information and Technology and chief information officer Stephen Warren left the House Veterans Affairs Subcommittee on Oversight and Investigations stunned and horrified.

“The entire veteran database in VA containing personally identifiable information on roughly 20 million veterans is not encrypted and evidence suggests that it has been repeatedly compromised since 2010 by foreign actors by China and possibly by Russia,” said subcommittee chairman Mike Coffman (R-Colo.), during a hearing Tuesday. “Recently, the subcommittee discussed VA’s authorization to operate, a formal declaration that authorizes operation of a product on VA’s network which explicitly accepts the risk to agency operations, and was told that ‘VA’s security posture was never at risk.’ In fact, VA’s security posture has been an unacceptable risk for at least three years as sophisticated actors use weaknesses in VA’s security posture to exploit the system and remove veterans’ information and system passwords. These actors have had constant access to VA systems and data, information which included unencrypted databases containing hundreds of thousands to millions of instances of veteran information such as veterans’ and dependents’ names, Social Security numbers, dates of birth, and protected health information.”
