By DAVID DISHNEAU
Associated Press Writer
Copyright 2007 The Associated Press
Jan. 17, 2007
HAGERSTOWN, Md. - The Department of Veterans Affairs will pay a defense
contractor millions of dollars to help the agency improve data security
after the theft last year of a computer packed with personal
information, company officials said Wednesday.
The project, focusing on the behavior of the department's 235,000
workers, is part of the VA's effort to better protect sensitive
information after a laptop computer and external drive containing the
personal information of about 26.5 million veterans and military members
was stolen last spring.
Maryland-based Engineering Systems Solutions Inc. and subcontractor
Dreifus Associates Ltd. Inc., of Maitland, Fla., will work on the
five-year contract, which is worth $2.3 million in the first year and an
undefined amount for the rest, said Laura Nash, director of strategic
consulting at Engineering Systems Solutions.
They will look for effective data-protection practices in the health
care and finance industries and in other government agencies, and help
the VA implement similar measures, she said.
"A lot of it is really a people issue," Nash said. "People want to do
the right thing, but we can all be a little careless sometimes. We can
all be a little bit more careful."
The VA computer taken from an employee's home in May was recovered with
no data accessed, the agency said. The episode focused attention on the
vulnerability of portable devices containing huge amounts of sensitive
The department says it has since trained all employees in the proper
handling of sensitive data and installed encryption programs on all
laptops. It spent at least $80 million on computer security in the
fiscal year that ended Sept. 30 and plans to increase that amount this
year, spokeswoman Jo Schuda said.
"It needs to become part of someone's subconscious that as they go
through their day-to-day routine, they automatically take the necessary
steps to protect personal data," Nash said.
Such steps include using encryption when e-mailing sensitive data,
logging off one's computer when leaving one's desk and, "as part of
changing the culture, getting people to think twice" about taking work
home, she said. "Do they really need to take this data home? Is there
another way of getting this work done without having to have any kind of
On the Net:
Engineering Systems Solutions: http://www.essworld.net
Dreifus Associates: http://www.dreifus.com
Department of Veterans Affairs: http://www.va.gov
Subscribe to InfoSec News