http://www.washingtonpost.co
m/wp-dyn/content/article/2006/06/27/AR2006062700134.html
By HOPE YEN
The Associated Press
June 27, 2006
WASHINGTON -- Veterans Affairs Secretary Jim Nicholson
promised
Congress on Tuesday he could turn his agency into a
"model for
information security" but said lawmakers will have to
be patient.
Nicholson also said the Bush administration was asking for
at least
$160.5 million in emergency funds for credit monitoring and
other
measures to protect veterans and military troops whose
sensitive
personal information was stolen from a VA employee's laptop
computer.
Besides covering monitoring for about half of the 17.5
million people
whose Social Security numbers were compromised, the money
would pay
for out-of-pocket expenses ranging from $10,000 to $20,000
for those
whose identities are stolen, Nicholson told a House panel.
Under questioning, Nicholson acknowledged that much more
money may be
needed to revamp information security at the VA and other
agencies. He
also left the door open to providing veterans more than one
year of
free credit monitoring following the May 3 burglary at a VA
data
analyst's home.
"Unfortunately, a very bad thing happened,"
Nicholson told a House
Appropriations subcommittee that oversees VA spending.
"I think we can turn VA into the model for information
security," he
added. "I will not try to mislead you and delude. This
will not be
easy and it will not be overnight."
Of the $160.5 million requested for monitoring, Nicholson
said, about
$29 million will be taken from VA funds budgeted in 2006 to
cover
personnel costs at the Veterans Benefit Administration. That
money
would not have been used this year due to hiring plans that
already
had been pushed back to 2007, he added. The other $131.5
million would
be reallocated from other areas of the White House budget.
"It will take some belt tightening. It will not come
out of veterans'
benefits," Nicholson said.
No reports of identity theft have been reported in
connection with the
May 3 theft of a computer from the data analyst's home in
suburban
Maryland. The laptop contained names, birth dates and Social
Security
numbers for up to 26.5 million people.
Last week, the Senate Appropriations Committee approved $160
million
in emergency funds to pay for credit monitoring. It is one
of many
expected payments as the government struggles with fallout
from data
thefts and other breaches now crossing at least six
agencies.
Earlier in the hearing, the House panel was urged to spend
whatever
necessary to avoid undue hardships for data theft victims.
David McIntyre, president and CEO of TriWest Healthcare
Alliance,
which administers the Pentagon's health care program in 21
Western
states, proposed creating a central government "nerve
center" to
assist agencies after any such security breach.
"Unfortunately, as we have all come to realize, the
question is not
whether another incident of information theft will occur but
when,"
McIntyre said. "Events such as these are happening
with increased
regularity _ and, surely, spending a few million to prepare
is
preferable to spending hundreds of millions to react."
Rep. James Walsh, R-N.Y., chairman of the House
subcommittee,
chastised the VA for waiting three weeks to notify veterans
about the
theft. "This represents a significant lapse of time
that could have
been vital to protect identity theft," Walsh said.
In his testimony, Nicholson called the burglary a
"wake-up call" that
should not have come at the expense of veterans, some of
whom have
challenged the free monitoring in court as potentially
inadequate. He
said about half of the affected veterans were expected to
take the
government's offer.
Separately, the VA asked a federal judge to revise his order
barring
the VA from publicizing its free credit monitoring offer.
The VA said
it wished to continue providing information to veterans
through its
Web site and call center and had no intention of asking
veterans to
relinquish their rights to a potentially larger payout in
court.
U.S. District Judge William Bertelsman in Kentucky scheduled
a hearing
for Friday to determine whether the VA should revise its
deal.
The class-action lawsuits, which are pending in Covington,
Ky., and
Washington, seek free monitoring and other credit protection
for an
indefinite period as well as $1,000 in damages for each
person _ or up
to $26.5 billion total.
Stacy Hinners, an attorney representing veterans, said
veterans did
not wish to shut down the call center and Web site but
simply wanted
the VA to be clear what rights veterans would have if they
accepted
the free offer.
Veterans groups and lawmakers from both parties have
criticized the VA
for the theft and noted years of warnings by auditors that
information
security was lax. The data analyst _ who was in the process
of being
dismissed _ had taken the information home on a personal
laptop for
three years.
-=-
On the Net:
For veterans suspecting identity theft: http://www.firstgov.gov
or
1-800-FED-INFO
_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com
|