A Matter Of National Security

Coming off the terrible embarrassment of the theft of a Veterans Administration computer containing the personal information of more than 26 million veterans and their family members, the federal government desperately needs to prove it is capable of protecting data. The government is making some efforts to prove it is regaining control but these steps may not be enough.

Amy DeCarlo

July 3, 2006

1 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Coming off the terrible embarrassment of the theft of a Veterans Administration computer containing the personal information of more than 26 million veterans and their family members, the federal government desperately needs to prove it is capable of protecting data. The government is making some efforts to prove it is regaining control but these steps may not be enough.A memo issued in late June by Clay Johnson, deputy director for management at the White House Office of Management and Budget, suggested agencies begin encrypting all sensitive data stored on mobile computers and devices. The memo also outlined other recommendations including two-factor authentication for remote data access; reauthentication for remote users after 30 minutes of inactivity; and close monitoring of all data retrieved from federal databases.

While these all sound like very logical steps toward improving federal data security, unfortunately the memo is really little more than a guideline. There are no ramifications for not instituting these or other security changes. This may make it too easy for agencies that have thus far avoided a serious data security incident to continue to disregard the importance of locking down protection of sensitive information.

The government has a prime opportunity to begin redeeming itself. Initial information shows the information contained on the stolen VA laptop was not breached. The government can and should take aggressive steps to make sure it institutes the best possible practices to protect information. That includes making sure it has physical security in hand, something the initial guidelines don't seem to emphasize. After all, this really is a matter of national security.

About the Author

Amy DeCarlo

Principal Analyst, Security and Data Center Services

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights