U.S. Senate minority leader Harry Reid wasted little time finding fault with
the Veterans Administration’s (VA) latest security breach, calling for the
resignation of VA Secretary Jim Nicholson.
Earlier this week, the VA reported
a desktop computer with personal information on as many as 38,000 veterans
is missing from a VA subcontractor’s office.
“Enough is enough. Secretary Nicholson must resign immediately and be
replaced with an individual who will do more than talk, but deliver on the
promises America makes to those who serve,” Reid said in a statement.
The breach follows a May disclosure by the VA of a stolen laptop containing personal information on
approximately 26 million veterans.
The laptop was eventually recovered with no apparent incidents of identity
theft.
After the May breach, both the House and the Senate held hearings on the
VA’s security procedures. Nicholson testified at both hearings.
“Last October, I approved a major restructuring of information security
within the department, far, far before this incident occurred and reached
the light of day,” Nicholson testified.
“This restructuring ordered the centralizing of almost all of the
information technology within the department to come under the chief
information officer.”
Nicholson said the May breach “accelerated” the VA’s security consolidation
and promised lawmakers the VA would set the standard for other government
agencies when it comes to security of records.
Then came this week’s breach.
“Less than a month after promising to make the VA the ‘gold standard’ in
data security, Secretary Nicholson has again presided over loss of the
personal information of thousands of veterans,” Reid said.
Nicholson issued a statement after this week’s breach stressing there is
still work to be done on the VA’s security restructuring.
“VA is making progress to reform its information technology and cyber-security procedures, but this report of a missing computer at a
subcontractor’s secure building underscores the complexity of the work
ahead,” Nicholson said Monday.
In May, VA Inspector General (IG) George Opfer told Congress serious
security issues remain at the VA.
“In all four audits of the VA Security Program issued since 2001, we
reported serious vulnerabilities that remain uncorrected,” Opfer said.
“These reports highlight specific vulnerabilities that can be exploited, but
the recurring themes in these reports are the need for centralization,
remediation, and accountability in VA information security.”
Since 2001, Opfer said the IG’s office has reported weaknesses in “physical
security, electronic security, wireless security, personnel security and
FISMA reporting.”