Tim McClain, the general counsel of the U.S. Department of Veterans Affairs (VA) since 2001, is resigning under fierce criticism for his hand in creating a fractured security environment that led to a recent data breach involving 26.5 million veterans, Computerworld.com reports.According to the article, McClain’s resignation is effective on Sept. 1. Although recent statements by VA Secretary Jim Nicholson and members of the U.S. Senate Committee on Veterans’ Affairs commended his leadership and service at the agency, Computerworld reports, he was subjected to much criticism recently regarding his views on the agency’s security structure.In one memo from August 2003, McClain said that responsibility for information security under the Federal Information Security Management Act (FISMA) rested not with the VA’s CIO, but with the respective organizations within the agency, Computerworld reports. In another memo in April 2004, McClain recanted his original statement, saying the CIO had the responsibility for ensuring information security, but didn’t have the authority to enforce it across the agency.In an interview, Bruce Brody, former VA CISO from 2001 to 2004, said those two memos and McClain’s opinions led to a fragmented security environment at the VA. “The [opinions] were very protective of the existing culture, and obviously that is the core problem,” he told Computerworld. Compiled by Paul KersteinFor more information, read Data Theft at the VA. Keep checking in at our Security Feed for updated news coverage. Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe