Data Dump

Beware of overreaction to the recent spate of federal data theft incidents.

All indications are that this is shaping up to be the Summer of Data Theft in the federal government.

It got started with a bang just before Memorial Day, when the Veterans Affairs Department announced that personal information on more than 26 million veterans and military service members had been stolen along with a laptop computer from an employee's home. The ensuing scandal was amplified when other agencies began logging reports of their own data thefts:

  • The Health and Human Services Department announced that information on more than 17,000 Medicare beneficiaries might have been compromised because a contractor had failed to properly secure the data.
  • Energy Department officials acknowledged that last September, they discovered that a hacker had accessed personnel records for 1,500 contract workers and employees at the National Nuclear Security Administration.
  • The Agriculture Department reported that a hacker broke into one of its computer systems and might have stolen the names, Social Security numbers and photos of 26,000 Washington-area employees and contractors. The information was used to create staff and contractor ID badges.
  • The Federal Trade Commission revealed that two of its laptops were stolen from a car. (A "locked vehicle," the agency took pains to note.) FTC notified 110 people that some of their personal information was contained on the computers.
  • In an ironic twist, the Government Accountability Office, which has sharply criticized agencies' information security policies, was forced to acknowledge that it had posted records on its Web site with some personal identifying information on a group of federal employees.

All of this is just what the government needed: another excuse for Americans to believe that agencies can't be trusted with basic tasks. And, unfortunately, the incidents provoked a typically Washingtonian response: political grandstanding and panicked overreaction.

VA Secretary James Nicholson was hauled to Capitol Hill to explain how the data theft could have occurred and why it took almost three weeks for the department to make it public. His testimony boiled down to the following: Everybody but me screwed up. Nicholson said he was "outraged" and "mad as hell" about the "lapses of judgment on the behalf of my people." He insisted that "directives were issued," but "they were paid no attention to."

Congress demanded action, and Nicholson gave it to them. Within days, Veterans Affairs took immediate steps to notify those whose data was stolen. Later, the agency began soliciting bids from contractors to provide a year's worth of free credit reporting to people whose personal information was compromised.

But the steps Nicholson took with respect to his own workforce could have an even more long-lasting effect. Nicholson started the process of firing the employee who brought the data home, and replaced the leaders of the division where he worked. In early June, he declared that the agency would limit telework at one of its divisions and eliminate employees' access to department networks from their home PCs.

That action sent a strong message to employees not only at VA, but across government: Punch in and punch out at the office, and never take work home. Why take the risk that you'll end up bringing home data that will be deemed sensitive?

Unfortunately, we in the media will end up reinforcing this message, because we'll continue to be on watch for the next story in the ongoing data theft scandal. Just look at the number of stories that emerged in the weeks after the VA incident.

But as you read them, remember this: The VA employee whose data was stolen brought it home on disks, not by accessing the department's network remotely. And it turned out he had received permission to bring a laptop and the data home-presumably because of his dedication to his job. From now on, fewer employees will make that mistake. Is that what the government-and the country-really wants?

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
FROM OUR SPONSORS
JOIN THE DISCUSSION
Close [ x ] More from GovExec
 
 

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

    Download
  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download
  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.

    Download

When you download a report, your information may be shared with the underwriters of that document.