VA Gets Failing Grade in Cybersecurity…for 16th Year in Row
The Department of Veterans Affairs (VA) is nothing if not consistent when it comes to failure.
The VA has managed to not shore up its computer networks and to fully protect them from hackers for 16 years in a row.
This ignominious distinction was disclosed by the VA’s inspector general (IG), the details of which will be in included in its 2014 audit report that is scheduled to be released next year. The shortcomings mean the VA is not complying with the Federal Information Security Management Act (pdf) (FISMA).
The IG’s 2013 audit report revealed that the agency’s IT operations had 6,000 cybersecurity vulnerabilities that needed fixing. There were 35 recommendations for corrective actions to be taken, including configuration management, incident response, identity and access management, and ongoing monitoring.
Stephen Warren, VA’s chief information officer and executive in charge of the Office of Information and Technology, told Federal News Radio that the 6,000 vulnerabilities isn’t really that large of a number if viewed in the proper context. “If I’m running on a base of 1.2 to 1.4 million devices, and I'm running multiple services on each one of those, you're talking about 70-150 million different things that you're looking vulnerabilities on,” Warren said. “I’ve also got 1,000 enterprise systems we’ve built and deployed. When you talk about 6,000 vulnerabilities, we treat them all as important, but when you look at it on the scale you've got to put some balance in it.”
The IG’s latest admonition notwithstanding, Warren said he believes the VA has reduced the 6,000 vulnerabilities by 21% since they were first brought to light in the IG’s 2013 report.
To Learn More:
VA Fails Cybersecurity Audit for 16th Straight Year (by Jared Serbu, Federal News Radio)
VA Buckles Down on Cyber Security, Program Management (by Henry Kenyon, Information Week)
- Top Stories
- Unusual News
- Where is the Money Going?
- U.S. and the World
- Appointments and Resignations
- Latest News
- Managing Director of the Council on Environmental Quality: Who Is Christy Goldfuss?
- Executive Director of the Office of Faith-Based and Neighborhood Partnerships: Who Is Melissa Rogers?
- Principal Deputy Director of the United States Mint: Who Is Rhett Jeppson?
- Coordinator of the Bureau of International Information Programs: Who is Macon Phillips?
- Acting Under Secretary of the Veterans Benefits Administration: Who Is Tom Murphy?