<html>
<body>
<blockquote type=cite class=cite cite=""><font size=3>
<a href="http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcn&story.id=42370" eudora="autourl">
http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcn&story.id=42370</a>
<br><br>
<br>
Data breach report stirs security pot<br><br>
<br>
10/23/06 <br>
By Mary Mosquera,<br><br>
<br>
Davis pushes security bill, calls for OMB to step up efforts<br><br>
<br>
<br><br>
<br><br>
Now that an unflattering report detailing data loss in 19 major agencies
is<br>
public, House Government Reform chairman Tom Davis (R-Va.) is calling
for<br>
action from the administration and Congress. <br>
<br>
The recent committee staff report revealed that some agencies were
clueless<br>
as to what happens to personal data in their care. The vast majority of
data<br>
breaches arose from physical theft of notebook PCs, drives and disks,
or<br>
from unauthorized use of data by employees, the report said. <br>
<br>
Davis said that next he will take a closer look at agencies with the
most<br>
widespread breaches. <br>
<br>
"I'm also intent on reaching out again to those agencies that
reported few<br>
or no incidents. I'm wondering if they simply lack the means to know
if<br>
sensitive information's been compromised," Davis said. <br>
<br>
The Office of Management and Budget needs to act more decisively to
help<br>
agencies secure data, he added. <br>
<br>
"OMB should begin by clarifying and strengthening their
guidance," Davis<br>
said. OMB, meanwhile, is contemplating its next move. <br>
<br>
"We appreciate the recent input of the House Government Reform
Committee and<br>
the inspectors general. We're reviewing these two reports and will use
them<br>
to inform our thinking on potential next steps," said an OMB
spokeswoman. <br>
<br>
OMB has provided some guidance to agencies to safeguard personal
information<br>
since the May theft of a notebook PC, containing data belonging to
millions<br>
of veterans, from the home of a Veterans Affairs Department employee.
<br>
<br>
Davis plans to work with OMB to strengthen agency guidance while
also<br>
pushing through Congress legislation that makes that guidance a
requirement<br>
in addition to other steps. <br>
<br>
The House recently passed the Veterans Identity and Credit Security Act
of<br>
2006, which includes legislation that Davis authored. The bill would<br>
strengthen federal security requirements and provide for notification.
Davis<br>
will offer his legislation as a standalone bill if the Senate does not
pass<br>
the VA security bill when Congress returns next month, he said. <br>
<br>
"Whether the legislation is part of the VA bill or separate, I think
there's<br>
consensus that these are steps we need to take, and take now," Davis
said.<br>
Davis worked with Veterans Affairs chairman Steve Buyer (R-Ind.) to
craft<br>
the security bill. Buyer is negotiating with the Senate on the bill,
a<br>
committee spokeswoman said. <br>
<br>
As the committee staff report proved and VA found in its own experience,
it<br>
is important that agencies inventory all their IT systems to assess
what<br>
data is at risk and what safeguards must be imposed, Buyer said. <br>
<br>
"Agencies need to empower the CIO with authority and responsibility
to<br>
ensure data security compliance," he said. <br>
<br>
Following the flood of security breaches this year, Davis and
ranking<br>
Democrat Henry Waxman (D-Calif.) sought summaries from major agencies
of<br>
data breaches in the past three years to provide a governmentwide
snapshot<br>
of data risk. <br>
<br>
Federal contractors were responsible for many of the data breaches
that<br>
agencies reported, the report said. Davis wants to reaffirm that the
Federal<br>
Information Security Management Act applies to contractors. <br>
<br>
"If necessary, we can amend FISMA to make this even more apparent
and<br>
effective," he said.</font></blockquote></body>
</html>