VA has new security program

Department of Veterans Affairs

The Department of Veterans Affairs started a proactive vulnerability management program to provide improved cybersecurity at more than 250 facilities nationwide.

Hercules, an automated vulnerability remediation solution offered by Citadel Security Software Inc., is a critical component in a strategy that includes Harris Corp.'s Security Threat Avoidance Technology (STAT) Scanner program as well as a hardware platform provided by Hewlett-Packard Co.

The STAT Scanner probes the network and identifies possible vulnerabilities. Hercules has vulnerability assessment tools for a wide variety of platforms and allows VA personnel to review data from multiple sources before deploying a vulnerability fix.

The arrangement covers 235,000 workstations and servers in the department's network.

VA system administrators can deploy customized solutions for software defects, misconfigurations, unsecured user accounts, unnecessary services and backdoors.

The new strategy will provide more frequent security assessments, reducing risks and ensuring compliance with privacy regulations and internal security standards, officials said. Potential vulnerabilities can more easily be identified and reported to the VA's central incident response center for centralized management.

In addition, the new service will allow individual facilities to quickly respond to security bulletins released by the response center.

Steve Solomon, president and chief executive officer of Citadel, labeled the VA as a government agency "on the cutting edge of technology and security." He said the VA "is demonstrating its commitment to protecting its critical infrastructure by consistently maintaining the best security protection available and setting forth a road map for other agencies to adopt the most comprehensive, effective identification and resolution of vulnerabilities."