Monday Morning News Kick Off: New VA Breach; Obama Seeks Public Input on Cyber Security and Defining Rules of Cyber Warfare

Welcome to the Monday Morning News Kick Off post on the ITAC blog. As always, we like to compile all the latest news in one location for you – to better kick start your week. This week, we have pulled together some very compelling stories including news of a new VA data breach, the Pentagon working to define rules of cyber warfare, and the Obama administration seeking public input on “game changing” security ideas.

Don’t Be Surprised If More Businesses Start Asking You For Identification
Be prepared to pull out your driver’s license on your next visit to the dentist. And don’t be surprised if a retailer asks for a birth date or mother’s maiden name if it’s giving you credit for your big-ticket purchase. They’re just following federal rules to protect consumers from identity theft. Beginning next month, a wide range of businesses — auto dealers, cell phone companies, real estate agents, mortgage brokers, utilities and health care providers — must start complying with “Red Flag Rules.” The rules are meant to stop fraud before it happens by requiring certain businesses to look for signs that customers might be imposters and, if there are signs that they are, to take action. Read the full Baltimore Sun article here.

VA Reports New Data Breaches
The Veterans Affairs Department has notified lawmakers of two recent data breach incidents, according to a House committee aide. One breach was a contractor’s laptop that was stolen on April 22 and contained unencrypted personal information on 616 veterans. The second breach occurred this month and involved “thousands” of veterans’ personal information at a VA facility, according to the congressional source familiar with the breach, who spoke on the condition of anonymity. Both incidents occurred in Texas. VA chief information officer Roger Baker, however, said in a May 14 interview he was aware of only one breach involving the 616 veterans. He said Congress has not provided the VA with any information on a second incident. Read more from the Federal Times here.

New Mexico Medicaid Security Breach Puts Members’ Data at Risk
The New Mexico Human Services Department is informing about 9,600 members of its Medicaid fee-for-service and Medicaid Salud health plans that their personal information, including Social Security numbers, might have been compromised because of a computer data breach, Modern Healthcare reports. According to a news release, the department was notified of the breach on April 9 by DentaQuest, a dental health plan that provides benefits to New Mexico’s Medicaid beneficiaries. Read the full iHealthBeat article here.

Pentagon Works to Define Rules of Cyber Warfare
The U.S. military may never have a direct answer on when to fire back against a computer-based attack, a top Pentagon leader said Wednesday, reflecting the complex world of cyber warfare. James Miller, the principal deputy undersecretary of defense, said the Pentagon has been working through a range of scenarios, in an effort to come up with rules of war that will work in an attack that can be launched from continents away in milliseconds, and routed through innocent civilians’ computers by unknown assailants. “I do not think we’re going to have a single answer,” Miller said during a speech at Ogilvy Public Relations. He said officials may just have to use their judgment because there are “a lot of gray areas in this field.” Read the full AP story here.

White House Asks Public for Game Changing Cybersecurity Ideas
The Obama administration will open next week a web-based forum to discuss a cybersecurity research and development agenda, according to a notice published in the Federal Register on Thursday. The White House Office of Science and Technology Policy and the National Coordination Office for Networking and Information Technology Research and Development asked the public to submit comments for a “game change” initiative to boost the safety and security of the Internet, telecommunications and computer systems, according to the notice. The administration wants to focus on three areas: to build targeted areas within cyberspace to meet a range of security needs; to increase the cost of a cyberattack to the attacker and enable systems to operate in spite of threats; and to develop appropriate metrics and economic policies to encourage good security practices. Check out the full NextGov article here.

Cybersecurity Gets New Attention from the Hill
It was a year ago this month — May 29 to be exact — that President Barack Obama welcomed a standing-room only crowd to the East Room of the White House to announce his administration’s commitment to a comprehensive new approach to cybersecurity. Declaring that the status quo “no longer is acceptable,” Obama placed a cybersecurity stake in the ground by announcing a number of initiatives, perhaps the most visible of which was creating a new cybersecurity coordinator position to direct national cybersecurity policy from the White House. The new policy and the ceremony itself were greeted by many as an important victory — a sign that a serious and escalating concern had at last won the attention of the nation’s president. Read the full GSN article here.