Several members of the House have expressed concern today over the Department of Veterans Affairs ’(VA) approach to managing the agency’s cyber risks and cybersecurity strategies, while the head of information security the agency countered that VA cyber programs were on par with those working in other federal agencies. .
“VA is proud to be the largest integrated health care provider in the country. In this role, the AV should be at the forefront of addressing many of these risks and should be a leader in health cybersecurity,” he said. say Rep. Frank Mrvan, D-Ind., Chairman of the House Veterans Affairs Subcommittee on Technological Modernization, to a subcommittee hearing today.
“As VA continues the process of modernizing its IT systems to deliver healthcare, judge disability claims, and provide educational benefits, information security management should be a key component from the outset,” he said. the representative Mrvan.
“The subcommittee is still concerned that VA has not done enough to assess risks and develop long-term information security strategies,” he said.
President Mrvan cited the ongoing challenges within the AV, saying that “numerous reports from the inspector general and the government’s responsibility office continue to cite management failures and lack of internal oversight. recommendations, year after year, seemingly without adequate progress in resolving them. “
Ranking member Matt Rosendale, R-Mont., Also expressed concern about VA’s computing capabilities and cited the relatively small budget for the agency’s Office of Information and Technology as a reason for concern.
“VA has a crucial mission to provide timely benefits and high-quality health care to our veterans. I know the significant information technology requirements go along with that. However, I don’t think the department’s IT capabilities have kept the pace of growth anywhere else, ”Rep. Rosendale said.
Online training on the latest technologies. Learn more
“I don’t measure results in terms of dollars spent, I measure results in terms of results. But even so, the Office of Information and Technology’s budget has been flat for years, while the rest of VA has increased, ”the congressman said.
However, Paul Cunningham, deputy deputy secretary of VA and CISO for the agency, said he felt that “VA is at or slightly above the rest of the federal space” with regard to its program of cybersecurity.
“My work with the Department of Energy and my discussions with other CISOs, I find that are the challenges we see [at VA] they are shared equally in the federal space, ”Cunningham said. “While the kind of information we protect is a bit of a challenge, a little different from my counterparts, I think we’re going through the same set of challenges.”
Cunningham said VA has analyzed each of the eight elements of the Federal Information Security Modernization Act (FISMA) of 2014 to improve our understanding of risk from the organization’s mission and system level. This has been a standard discussion, again on cybersecurity, for the last two years I’ve been here. “