The U.S. Department of Veterans Affairs (VA) is "pretty confident" the agency will not have another large data breach like the one in May that could have exposed the personal records of 26.5 million military veterans and family members, the agency\u2019s chief information officer said Monday.The VA has taken several steps to improve its security since the breach, said Robert Howard, who was appointed the VA\u2019s assistant secretary for information and technology just days before a VA laptop and hard drive were stolen from an employee\u2019s home. "There really is an increased awareness throughout the VA," Howard said. "We still have a lot of work to do in that area, but we\u2019ve clearly improved the awareness of folks with respect to treating information the same way they\u2019d want their information treated."Howard, speaking before the American Council for Technology\u2019s Industry Advisory Council in Washington, D.C., also talked about the VA\u2019s IT reorganization, started in March, and accelerated by the data breach. The VA is moving to centralize its IT staff, instead of having divisions within the agency control their own IT functions, addressing a long-time criticism from the U.S. Congress and government auditors.A major cybersecurity concern is employees "not thinking" about risks and the VA is working to educate workers, Howard said. "What leaps right out at you is employee carelessness," he said. "We\u2019ve all been there."Howard, a former major general in the U.S. Army and a former vice president with defense and transportation technology vendor Cubic, called the changes happening in the VA IT organization "very dramatic." Along with the reorganization, Howard now has authority over the VA\u2019s entire IT organization, he said."No more excuses," he said. "We\u2019ve got everything we need. We\u2019ve got the organization, we\u2019ve got the authority, we\u2019ve got the money."Among Howard\u2019s goals are standardization and interoperability of IT systems within the VA, as well as a strengthened focus on security, he said. The ultimate goal is to use IT to better serve VA customers, he added.Part of the reorganization is focused on creating the "gold standard" for data security, Howard said. He was appointed to his position May 1 and the breach happened May 5. VA announced the breach May 22."I didn\u2019t find out about [the breach] until the 16th of May," he said. "That tells you something about our process."Police recovered the laptop and hard drive in late June, and computer forensics experts determined the personal data had not been accessed. But the VA has made several changes, including encryption on laptops not directly used for medical procedures, Howard said. The breach "was a real eye-opener, for government and probably for industry as well," he said. "We\u2019re encrypting everything in sight."Howard said he believes VA should improve the annual grade it receives in IT security given by the House of Representatives Government Reform Committee. The agency has received a failing grade in four of the past five years.When a reporter noted the agency\u2019s score had not been very high in recent years, Howard responded, "It is now."But Howard said he expected the agency\u2019s grade wouldn\u2019t be perfect either. "This stuff\u2019s not going to happen overnight," he said.-Grant Gross, IDG News Service (Washington Bureau)Related Links:\n\nData Theft at the VA (CSOonline.com exclusive feature)\n\nCybersecurity in 2006\n\nCybersecurity: A Job for Uncle SamCheck out our CIO News Alerts and Tech Informer pages for more updated news coverage.