US Feds lacking in data security

Federal agencies are not doing enough to protect citizens from identity theft, according to a report by the U.S. Government Accountability Office (GAO), the investigative arm of Congress.


The report, "Information Security: Protecting Personally Identifiable Information," was spurred on by the major security breach at the Department of Veterans Affairs (VA) in 2006, when a laptop containing the names, Social Security numbers and other personal information of millions of veterans was stolen.

Sen. Norm Coleman, R-Minn., and Rep. Susan Davis, D-Calif., requested that GAO identify federal laws already in place and investigate and describe the state of IT security compliance of 24 federal agencies.

GAO recommendations included encrypting data on mobile computers and other devices that carry agency data, and using a National Institute of Standards and Technology (NIST) checklist to properly categorise any data deemed personally identifiable information that is accessed remotely or physically transported outside the agency.

Only two agencies – Treasury and Transportation – met all the recommendations for compliance, while two others – Small Business Administration and National Science Foundation – met none, the GAO report said. The other 20 agencies comply with some but not all of the GAO report's recommendations for better security and privacy.

The VA does not yet fully comply with all the GAO recommendations, but is working to improve its security, a VA spokesman told SCMagazineUS.com Tuesday.

“VA is committed to ensuring the personal information of our veterans is secured,” said Matt Smith, a department spokesman. “We are continually enhancing our protections and welcome opportunities to improve.”

While John Dasher, director of product management at encryption provider PGP, said he applauds the GAO for highlighting the need for more agency security, he believes the report and subsequent actions fall short.

“There is no real plan behind the report,” he told SCMagazineUS.com Thursday. “It talks about encryption, which is a good thing, but an enforceable policy is necessary. If you put rules in place, you need to take action to make sure people follow those rules.”

A representative from the federal Office of Management and Budget, which has released two memos mandating federal agencies implement data security safeguards and breach notification protocols, did not respond to a request for comment.

See original article on scmagazineus.com
Copyright © SC Magazine, US edition