An August deadline for US government agencies to encrypt
all sensitive data may be too tight, security experts have
warned.
The White House demand for encryption of sensitive information
follows the theft of US Department of Veterans Affairs data on 26.5
million former soldiers.
An investigation by the department’s inspector general, George
Opfer last week slammed a series of mistakes, poor security
measures and an overall lack of care, after the data taken home by
an analyst on a laptop was stolen in a burglary.
Opfer also criticised a chain of officials, up to the
department’s deputy secretary Gordon Mansfield, for waiting nearly
three weeks to reveal the burglary, putting veterans and active
personnel at risk of identity fraud.
US government departments have now been given just 45 days to
put encryption measures in place to prevent similar data securtity
breaches. But encryption software firm PGP warned that this may not
be enough time.
“We’re in favour – it’s a good move that the White House is
getting serious about encrypting data,” said PGP’s EMEA marketing
manager Jamie Cowper.
But he added, “The 45-day window may be a little prohibitive to
actually getting it done.”
He queries whether sufficient funds had been made available –
and whether the money had been pushed out to the various
departments. “Have they done an internal audit to see what needs to
be encrypted? Are there technology guidelines?” he asked.
Cowper warned, “Forty-five days is going to be a very tough
deadline.”
Vote for your IT greats
Who have been the most influential people in IT in the past 40
years? The greatest organisations? The best hardware and software
technologies? As part of Computer Weekly’s 40th anniversary
celebrations, we are asking our readers who and what has really
made a difference?
Vote now at:
www.computerweekly.com/ITgreats