WASHINGTON, June 9 (UPI) -- Former U.S. Veterans Affairs officials say the huge data breach there could have been avoided with a better IT management structure.
Robert McFarland, who stepped down as the VA's chief information officer before the May 3 theft of sensitive records from a VA career IT specialist's home, told GovExec.com that the database containing the personal information on veterans and active duty military personnel fell outside the direct control of the CIO office.
This setup, in which the department's IT systems and databases are dispersed across its three divisions, is on schedule to be changed, McFarland said, though that won't happen overnight.
"You have these databases out there without any access controls or notifications for when duplications are made ... access is free and open," he said in an interview published by GovExec.com Wednesday. "As bad a hit as the agency is taking right now, it is moving in the right direction."
Technology management at the VA has been a source of contention on Capitol Hill and within the department, the report said.
The department's "federated" IT management model, adopted last year, gives the CIO office line-item budget control, but critics, including House Veterans Affairs Committee Chairman Steve Buyer, R-Ind., argue that the department needs to move toward a "centralized model," GovExec.com said.
