The Department of Veterans Affairs has announced a plan to encrypt critical data on every laptop computer in the agency within the next month.
According to a release provided to eWEEK by spokesperson Matthew Burns, VA Secretary James Nicholson is announcing a new data security program that will begin immediately.
“I have promised Americas veterans that I intend to make VA information security a model of data security, and this expedited encryption program is a major step in that direction,” Nicholson said in a statement. “A system-wide encryption program will be a tremendous step forward in improving the safety and security of sensitive veteran information.”
The implementation of the program, which will be performed by Systems Made Simple, based in Syracuse, N.Y., will begin with the VAs laptop computers. The company will use encryption from GuardianEdge for the laptops.
Final testing has already started on those machines, and the actual process of encryption will begin on August 18. The process is expected to be completed within one month, the statement said.
Once the laptop encryption is complete, the VA will begin encrypting its desktop computers using software from GuardianEdge and Trust Digital.
According to the release, Secretary Nicholson has directed that advanced enterprise encryption solutions be considered for all VA computers.
“Were starting up immediately. Were going to be doing some initial test and acceptance, and doing some training in the next couple of days,” said Al Nardslico, president and chairman of SMS. He said that as soon as thats finished, within the next couple of days, there will be a full-scale rollout.
Nardslico said his company is the prime contractor for the VA effort, and that hes working with Merlin International and GuardianEdge to carry out the implementation. “There will also be a number of VA people involved,” he said.
Describing his companys qualifications, Nardslico said, “Were a software engineering firm with systems integration expertise. … We have also worked with NAPHSIS [National Association of Public Health Statistics and Information Systems] at the Social Security Administration to develop an encrypted network for birth and death information.”
“We have the solution and a solid team,” Nardslico said. “The solutions are both FIPS 140-2 [Federal Information Processing Standard]-certified.”
He said that key to the solution are two makers of encryption products: “GuardianEdge is handling hard disks and removable devices. Trust Digital is handling the wireless.”
“We are an endpoint solution provider,” said Warren Smith, vice president of marketing for GuardianEdge, in San Francisco. “Well put full-disk encryption and removable storage encryption on 300, 000 machines, including laptops and desktops. …Its among one of our largest deployments ever.”
Smith said his product would allow VA system administrators to set policies on how information is encrypted. While the product performs whole-disk encryption, theres a choice as to whether to encrypt removable storage such as USB drives or optical disks.
Smith also noted that the whole encryption process take place in the background, so users shouldnt notice that their files are being encrypted and decrypted.
“Were very proud to be providing this solution to the VA, and were looking forward to implementing the system and getting it up and running,” Nardslico said. “Were relieved to know that the VA is taking the necessary steps to ensure the protection of our veterans sensitive data,” he added.
Editors Note: This story was updated to include more details from SMS and GuardianEdge.