Veterans Affairs loses cybersecurity migration project lead after DOGE layoffs

The Department of Veterans Affairs was in the middle of a major cloud security migration project when the Department of Government Efficiency fired a key U.S. DOGE Service official tasked with co-leading the work to make the VA.gov platform more digitally secure and compliant with federal cybersecurity standards.

Jonathan Kamens co-led the project with a second USDS employee, who also resigned from the service on Tuesday alongside 20 other legacy employees of USDS rather than work for the rebranded U.S. DOGE Service, according to a person familiar with the matter. 

The project, which was already expected to take a year, could face significant delays without USDS involvement and curtail VA’s ability to defend against hacking threats, said Kamens and the person familiar. Kamens also told the AP on Tuesday that veterans’ sensitive data is at risk of compromise following his layoff.

The IT work could be delayed for several months, estimated the person familiar, who was granted anonymity to be candid about their understanding of the project’s internal proceedings. 

VA press secretary Peter Kasperowicz pushed back on claims that the project would face significant delays or that veterans’ data could be at risk of compromise as a result of Kamens’ layoff.

“VA employs nearly 470,000 people, including hundreds of cybersecurity personnel who are dedicated to keeping the department’s websites and beneficiary data safe 24/7,” Kasperowicz said, disputing the fact that “a single employee — who didn’t even work for VA — would have any impact on VA operations.” 

In an interview with Nextgov/FCW, Kamens said the migration focused on moving the VA.gov website from its current infrastructure into the VA Enterprise Cloud environment, known as VAEC. The project, in essence, was meant to enhance the security of the VA.gov platform and ensure it continues to have necessary security measures in place to better handle troves of sensitive information tied to veterans.

Migrating VA.gov to VAEC is intended to increase security through centralized account management, automated monitoring of cyber threats and enforced compliance with VA security standards, said Kamens.

“I’m confident that the work we were hoping to do as part of this migration would have made the platform more efficient and more maintainable with fewer people,” he said. 

He elected to speak on record as a former federal employee because he believes his job was removed for political reasons and that the move to let him go in the middle of the sensitive work was illegal. He added that he wants to speak publicly to motivate other impacted federal workers to do the same.

Kamens was among dozens of pre-DOGE U.S. Digital Service staffers terminated around a week ago. On his first day in office, President Donald Trump transformed USDS into the U.S. DOGE Service, which, alongside billionaire Trump ally Elon Musk, aims to shrink the federal workforce and slash government waste. The original USDS was set up during the Obama administration to help federal agencies with their technology in the wake of the Healthcare.gov crash.

VA stores massive amounts of personal and medical data from retired servicemembers and their families, which can be a tantalizing target for criminal hackers and nation-state operatives. Lawmakers last year questioned the department’s ability to secure this data from outside threats, given the fact that it is the second largest federal agency and has allocated less than 1% of its budget on cybersecurity operations.

During a House hearing last November, then-VA Chief Information Officer Kurt DelBene said that the cyber-related budget constraints have resulted in the department only having 360 information security officers to secure data across its systems. He noted that an agency of VA’s size would typically need 600-plus ISOs.

VA has also had a troubled history with rolling out major IT projects, and the expected delay in its VAEC migration project comes as the agency looks to restart its beleaguered electronic health record modernization project. Deployments of the new EHR system — which were paused in April 2023 — are expected to resume in mid-2026, although VA officials are still unsure about the ultimate cost or timeframe for completing that project.

The department has laid off 2,400 employees since Feb. 13 following layoffs Tuesday of personnel it deemed non-essential.