New cyber bill calls for shadow IT assessment at VA
The bill tasks VA with obtaining an independent cybersecurity review of the agency's most critical systems.
A new bipartisan bill would require the Department of Veterans Affairs to contract for an independent cybersecurity assessment of its critical systems with a federally funded research and development center.
The Strengthening VA Cybersecurity Act of 2022 would require VA to obtain assessments of between three and 10 high-impact information systems. The bill specifically calls for a detailed analysis of VA's ability to prevent ransomware and phishing, attacks from foreign threat groups, credential theft, attacks that leverage telework tech and more.
Additionally, the bill calls for an evaluation of the use of shadow IT systems, apps, services and devices by employees and contractors
"According to VA officials, in 2020, regrettably 46,000 veterans had their personal information compromised after hackers breached VA's computer systems," Rep. Frank Mrvan (D-Ind.), chairman of the House Veterans Affairs Committee's panel on technology modernization, said in a statement. "This legislation will move us in the right direction to give VA the tools it needs to effectively protect against new and emerging cybersecurity threats and safeguard our veterans' personal information. "
Rep. Susie Lee (D-Nev.) noted that despite VA's multibillion IT budget, the agency "spends less on cybersecurity than most other agencies, leaving veterans' sensitive information vulnerable to cybercrime. This bipartisan bill is a simple fix that will help strengthen VA's cybersecurity and protect veterans' information."
Under the bill, the VA secretary would submit a report and remediation plan to Congress within 120 days of the completion of the assessment. The Government Accountability Office would be responsible for evaluating VA's cost estimates and timelines for fixing any cybersecurity weaknesses.
The bill is also sponsored by Reps. Nancy Mace (R-S.C.) and Andrew Garbarino (R-N.Y.). A Senate version of the bill was introduced by Sens. Jacky Rosen (D-Nev.) and Marsha Blackburn (R-Tenn.).