Why Can’t We Get This Right

Back in 2006 the theft of a Veterans Affairs laptop containing records of more than 26 million persons was widely reported. This incident brought to the forefront the lack of data security within some Federal government agencies. The cost to the VA has been over $20 million in a settling a class action suit; an expensive lesson.

Three years later, and hundreds of million of dollars spent in my estimate, we still cannot protect laptops (and the data residing on them). The Los Alamos National Laboratory, a nuclear weapons facility in New Mexico, reported in a letter to security officials at the Department of Energy that it is unable to account for 80 computers. The letter went on to state that theft was viewed as a property management issue initial not as a data security matter.

Step 1 in every security program (physical, logical, cyber) is to identify the critical assets (infrastructure, systems, data, intellectual property) you want to protect. Until this lesson is learned we will continue to read about federal agencies losing our data and spending our money to clean up the mess.