Scanning the local paper en route to work this morning, I spied the Washington Post's report about the latest batch of swiped veteran data, a phenomenon that feels as common as hikes in gas prices.
According to the report, "a desktop PC containing the personal information of up to 36,000 U.S. military veterans has gone missing from U.S. Department of Veterans Affairs (VA) subcontractor Unisys."
Reading the article, one word stood out to me like Bill Gates at a Mr. Universe pageant: unencrypted. As in the personal data stored on a PC of some 36,000 vets, including their names, their addresses, possibly medical info, their Social Security numbers, was not encrypted. Now encryption may not be the cureall for the problem, but it would certainly be a prudent step in the right direction. InfoWorld Security Adviser Roger Grimes is certainly an advocate of the technology.
It's no wonder that government auditors blasted the VA last June for inadequate security measures - after the U.S. Government Accountability Office (GAO) had hounded the department since 2000 to get its cybersecurity in order.
Might the problem be bureacracy, combined with a general ignorance of IT security amongst some of our nation's lawmakers? That may very well be the case, if you believe the words of the Pedro Cadenas, who resigned from his position of chief information security officer of the VA on June 30.
"The department has no interest in doing the right thing," Cadenas told Government Executive magazine. "I was trained to do things the right way, not the good old boy way. I am having personal difficulty looking veterans in the eye and telling them that things will be OK."
Trite and cliche as it may sound, the good ol' boys hindering the progress of protecting its citizens' personal data need to act, and act now. The Internet is becoming a battlefield in the war on terror. The threat of cyberterrorism is a reality, and although it hasn't become an imminent threat, there's no excuse not to start defending our nation's digital assests now.