Author

The Veterans Affairs Department was transmitting sensitive data, including personally identifiable information and internal network routing information, over an unencrypted telecommunications carrier network, according to a March 6 VA Office of Inspector General report (.pdf).

The General Services Administration will beginning March 25 no longer accept new or re-submitted applications for organizations applying to become Third Party Assessment Organizations, a key component of the Federal Risk and Authorization Management Program.

The number of National Security Letters that Google receives from the FBI seeking user data is growing significantly, according to the company's latest transparency report. In 2012, the search engine company saw a 30 percent spike in NSLs from the FBI.

"Effective continuous monitoring of computer workstations allows security issues to be identified and mitigated promptly, reducing the likelihood of a security breach," states the report. "When IRS data and its network are not secured, taxpayer information becomes vulnerable to unauthorized disclosure and theft."

Better coordination of cybersecurity research and development efforts between the public and private sectors is needed to counter growing cyber threats to the United States, according to a Feb. 26 joint congressional hearing of two House Space, Science and Technology subcommittees. That job is better left to Congress and not to the president, says Committee Chairman Lamar Smith (R-Texas).

Although the Defense Department has taken steps to improve in-transit visibility of its assets, no single DoD organization is fully aware of all such efforts. The GAO reviewed 34 of the military's in-transit visibility efforts and found that while DoD conducts "some informal coordination and information sharing" among different defense components that information "is not consistently shared through a formal mechanism."

Getting the Veterans Affairs and Defense departments to share electronic health records by focusing on modernizing their respective systems, rather than developing a single system, is easier said than done, according to Feb. 27 congressional testimony (.pdf) by the Government Accountability Office.

Given the changing nature of cyber threats confronting the United States, policymakers need to provide better guidance and greater clarity regarding active cyber defense options available for both the private and public sectors, argues a new report (.pdf) from the Center for a New American Security.

States and localities effectively exchange data to improve administrative efficiency and client services for federal human services programs, while protecting the beneficiaries' privacy and personal information, according to a Government Accountability Office report (.pdf).

In a Feb. 22 blog posting, Mike O'Neill, OSEHRA board member and senior advisor to the director of the VA's Innovation Initiative, states that VA is "obviously not a vendor and wouldn't prepare or submit a traditional proposal-based RFI response," emphasizing that OSEHRA's "paper is not meant to replace or duplicate any other responses."