Senate Democrats

Cyber Insecurity

All week, members of the Bush Administration have lashed out at the press. Going behind the bluster, Americans have reason to be concerned about how the government uses – and misuses – their personal information. Despite today’s news that the VA laptop has been recovered, the Bush record on cyber security remains one of blundering mismanagement.

Veterans Affairs Employee Had Permission from Superiors to Bring Sensitive Information Home on a Laptop Computer. “The Veterans Affairs worker faulted for losing veterans’ personal information had permission to access millions of Social Security numbers on a laptop from home, agency documents obtained by the Associated Press show. . . . The department’s documents raise questions as to whether top officials condoned a practice that led to a theft with the potential to affect 26.5 million veterans and active-duty troops. . . .The department said last month it was firing the data analyst, who is now challenging the dismissal. VA officials have said the firing was justified because the analyst violated department procedure by taking the data home; they also said he was ‘grossly negligent’ in handling sensitive information.” [AP, 6/29/06]

Lawyer with No Background in Computer Security and Questionable Connections Heads Cybersecurity for Bush. “The Bush administration’s cybersecurity chief is a contract employee who earns $577,000 under an agreement with a private university that does extensive business with the federal office he manages. . . . Some lawmakers who oversee the department questioned the decision to hire Purdy as acting cybersecurity director. They noted enduring criticism by industry experts and congressional investigators over the department’s performance on cybersecurity matters. . . .Purdy, a longtime lawyer, has held a number of state and federal legal and managerial jobs. He has no formal technical background in computer security.” [Washington Post, 6/29/06]

– A Predecessor of the Current Cybersecurity Chief Resigned Due to the Lack of Attention Paid to Computer Security at Bush’s Homeland Security Department. “The government’s cybersecurity chief has abruptly resigned after one year with the Department of Homeland Security, confiding to industry colleagues his frustration over what he considers a lack of attention paid to computer security issues within the agency. Amit Yoran, a former software executive from Symantec, informed the White House about his plans to quit as director of the National Cyber Security Division and made his resignation effective at the end of Thursday, effectively giving a single’s day notice of his intentions to leave. . . . Yoran has privately described frustrations in recent months to colleagues in the technology industry, according to lobbyists who recounted these conversations on condition they not be identified because the talks were personal.” [USA Today, 10/1/04]

Agriculture Department Security Breached this Month by a Hacker; 26,000 Washington-Area Employees’ Information at Risk. “A hacker broke into the Agriculture Department’s computer system and may have obtained names, Social Security numbers and photos of 26,000 Washington-area employees and contractors, the department said Wednesday. . . . The break-in happened during the first weekend in June, the department said. Technology staff learned of the breach on June 5 and told Johanns the following day but believed personal information was protected by security software, the department said. However, on further analysis, staff concluded that data on current or former employees might have been accessed and informed Johanns on Wednesday, according to the department.” [USA Today, 6/22/06]

Sailors’ Personal Information Discovered on the Internet. “The Navy has begun a criminal investigation after Social Security numbers and other personal data for 28,000 sailors and family members were found on a civilian website. The Navy said Friday the information was in five documents and included people’s names, birth dates and Social Security numbers. Navy spokesman Lt. Justin Cole would not identify the website or its owner, but said the information had been removed. He would not provide any details about how the information ended up on the site.” [USA Today, 6/25/06]

Hacker Steals Names and Social Security Numbers of Nuclear Weapons Workers at the Energy Department; Victims Not Notified. “A hacker stole a file containing the names and Social Security numbers of 1,500 people working for the Energy Department’s nuclear weapons agency. But the incident last September, somewhat similar to recent problems at the Department of Veterans Affairs, was not reported to senior officials until two days ago, officials told a congressional hearing yesterday. None of the victims was notified, they said.” [Washington Post, 6/10/06]