In light of a recent report from the Government Accountability Office (GAO) criticizing the Department of Veterans Affairs' cybersecurity efforts, the agency plans to add $60 million to its information security budget.
That's in addition to the $160 million the VA already spends a year on cybersecurity, not including staff expenses, reports Federal News Radio.
In particular, the new GAO report said the VA has yet to fix network vulnerabilities more than a year after it was made public that the agency has been the target of at least eight intrusions believed backed by foreign nations.
The new money will be used to bolster the agency's configuration management and vulnerability remediation efforts, VA CIO Steph Warren told House Veterans Affairs Committee members Tuesday.
"Since the June 4, 2013, hearing … we have acquired new monitoring capabilities, increased desktop security, and enhanced our speed in detecting and combating challenges," Warren wrote in in his testimony. "Before we activate systems within our network, and before any veteran's information is put into those systems, we take steps that ensure the information is protected to the best of our ability."
Warren told Federal News Radio the new funding is being taken from current project upgrades.
It will be used to bolster field staff's work in identifying and removing unauthorized software, vulnerability and patch management program reporting, tracking and remediation efforts, according to Federal News Radio.
A GAO report from April called for better breach response and one from June found the agency needed improved cybersecurity training.
The latest report found that although the VA had implemented incident-response policies that defined roles and responsibilities, it did not clearly define the authority members of the incident response team hold.
To learn more:
- read the article