In the latest response to the massive laptop data breach that placed the personal information of some 26.5 million veterans and active duty members at risk for identity theft, the Department of Veterans Affairs (VA) announced Monday that all its computers will be encrypted, effective immediately.
Deployment is scheduled to begin Friday and is scheduled to be completed in a month.
"I have promised America's veterans that I intend to make VA information security a model of data security, and this expedited encryption program is a major step in that direction," department Secretary R. James Nicholson said in a statement. "A system-wide encryption program will be a tremendous step forward in improving the safety and security of sensitive information."
The VA awarded a $3.7 million contract to Syracuse, N.Y.-based SMS, a service-disabled, veteran-owned small business that will work with system integrator Merlin International to install encryption solutions from GuardianEdge Technologies and Trust Digital on all VA computers, including desktops and laptops and portable media, including flash drives and CDs, the statement said.
GuardianEdge offers full-disk encryption solutions, while Trust Digital provides encryption software for personal digital assistants (PDAs) and smart phones.
Warren Smith, vice president of marketing for San Francisco-based GuardianEdge, said today that the VA was an ideal candidate for encryption.
"They were looking for something that could completely lock down those endpoint devices," Smith said. "Clearly, mobility and portability of data has changed the paradigm for organizations because you have people traveling all over the world with personal identifiable information. Data is no longer protected by guards, gates and gadgets. It's really leaking out of the physical perimeter of the organization all the time."
Since the theft of the laptop on May 3 from the Aspen Hill, Md. home of a VA employee, Nicholson has promised sweeping measures to prevent a similar incident from occurring in the future.
Changes include the shake-up of personnel in the Office of Policy and Planning, where the breach occurred; hiring a prosecutor to serve as an information security adviser; completing a cyber-security awareness training program for employees; conducting an inventory of all positions that have access to sensitive data and reviewing all laptops to ensure up-to-date security software.
The stolen laptop and external hard drive were turned into the FBI on June 28, and authorities do not believe thieves accessed any of the personal data, which had not been encrypted. Two Maryland men were arrested last week in connection with the theft.
The VA has hired ID Analytics to monitor personal information lost in the theft.