• Latest
  • Trending
  • All
VA continues to struggle with information security, watchdogs say

VA continues to struggle with information security, watchdogs say

November 15, 2019
These inventory trackers will notify you when hard-to-find items are back in stock

These inventory trackers will notify you when hard-to-find items are back in stock

April 15, 2020
Antonov An-225 Mriya: world’s largest cargo plane, history, details

Antonov An-225 Mriya: world’s largest cargo plane, history, details

April 15, 2020
Copperstate Farms Launches International Cannabis Brand DNA Genetics in Arizona Market

Copperstate Farms Launches International Cannabis Brand DNA Genetics in Arizona Market

April 14, 2020
Mzee Moi’s Ksh10B Gift to Gideon

Mzee Moi’s Ksh10B Gift to Gideon

April 14, 2020
Covid Knights: Corporate social purpose in the time of COVID-19

Covid Knights: Corporate social purpose in the time of COVID-19

April 14, 2020
How Tesla And BMW Are Leading A Supply Chain Renaissance With Blockchain

How Tesla And BMW Are Leading A Supply Chain Renaissance With Blockchain

April 14, 2020
Last Mile Delivery Market Worth Observing Growth | UPS, FedEx, SF Express

Last Mile Delivery Market Worth Observing Growth | UPS, FedEx, SF Express

April 14, 2020
LATAM Cargo strengthens European cargo links

LATAM Cargo strengthens European cargo links

April 14, 2020
Ford making reusable hospital gowns from airbag materials as efforts against coronavirus expand

Ford making reusable hospital gowns from airbag materials as efforts against coronavirus expand

April 14, 2020
Don’t Sweat NBC’s Decision to Cut Back on Television Ad Inventory

Don’t Sweat NBC’s Decision to Cut Back on Television Ad Inventory

April 14, 2020
Software firms sharpen focus on AI, big data as IT spending drops

Software firms sharpen focus on AI, big data as IT spending drops

April 14, 2020
Navigating turbulent times in your supply chain (TL:DR version)

Navigating turbulent times in your supply chain (TL:DR version)

April 14, 2020
  • Supply Chain
  • Logistics
  • Warehousing
  • Procurement
  • Shipping
  • More
    • Strategic Sourcing
    • Spend Analysis
    • Inventory
    • Contact Us
No Result
View All Result
United States International Supply Chain Commission
United States International Supply Chain Commission
Home Procurement

VA continues to struggle with information security, watchdogs say

by usiscc
November 15, 2019
in Procurement
0
VA continues to struggle with information security, watchdogs say
493
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

Two watchdog agencies told lawmakers Thursday that the Veterans Affairs Department continues to struggle with cybersecurity issues, despite recent improvements.

Audits have identified numerous information security vulnerabilities—and insufficient attempts to remedy them—at the VA, leaders from the Government Accountability Office and the VA Office of Inspector General said during a hearing with the House Veterans’ Affairs Committee’s Technology Modernization Subcommittee.

Those challenges aren’t unique to the VA, said Greg Wilshusen, the GAO’s director of information technology and cybersecurity.

“Where (the VA is) with its information security program is consistent in many ways with many federal agencies,” Wilshusen said. “But I also think, in a couple of areas, it may be a bit beneath the others—particularly when it comes to looking at the length of time it has consistently reported a material weakness.”

The VA was one of 18 federal agencies that had ineffective information security programs in fiscal 2018, according to a report the GAO released this summer. The report assessed 24 agencies, including HHS and the VA, for compliance with the Federal Information Security Modernization Act, a 2014 law focused on information security in federal agencies.

Fiscal year 2018 marked the 17th consecutive year that the VA had reported severe information security weaknesses, according to Wilshusen. Those weaknesses were particularly pronounced in the agency’s security controls for financial systems, including deficiencies in security management, access controls and contingency planning.

“Few agencies, I believe, meet that longevity of that particular weakness,” he said.

The OIG offered a similar sentiment.

An audit by the VA Office of Inspector General in March outlined 28 recommendations for the VA to bring its IT safeguards in compliance with FISMA, such as installing timely security patches, system upgrades and system configurations, as well as improving password management for its databases.

“Most of these recommendations are repeated from previous FISMA audits, as VA has yet to adequately address them,” said Nick Dahl, deputy assistant inspector general for audits and evaluations at the OIG. “To the extent that VA does not properly manage and secure their IT investments, they can become increasingly vulnerable to misuse.”

“The OIG recognizes and appreciates that this is a complex undertaking,” he said.

While information security and privacy are challenges across the federal government, they’re of particular concern for the VA, as the Veterans Health Administration is one of the nation’s largest healthcare systems at more than 1,200 facilities.

“The protection of VA technology and data is not a hypothetical issue or something that occurs in a vacuum,” Susie Lee (D-Nev.) said. “As we encourage veterans to use VA resources … VA must show that it is secure, it can be trusted, and that it has the tools, policies and the leadership to protect veterans’ health data and personal information.”

The VA’s chief information security officer and deputy assistant secretary, Paul Cunningham, joined the agency in January after serving as CISO for the Energy Department.

The VA has struggled to maintain stable IT leadership in recent years, with 10 CIOs since 2004—representing an average tenure of less than two years. That has posed a challenge for some of the VA’s technology modernization and innovation efforts.

“I did notice that there was what looked like remains of silos that may have been there in the past,” Cunningham said of his thoughts when he joined the VA this year. “There’s still some legacy issues that I’ve noted, particularly around the FISMA reports in FY18 or some of the findings from IG, but I also saw some clever ideas.”

One of those ideas involved establishing a risk officer within a new office of quality, process and risk at the VA, who reports on cybersecurity risk to the CIO and the secretary of information, among other tasks.

While acknowledging cybersecurity is challenging, Wilshusen said a particular concern for him is the VA’s trouble validating whether it has corrected a vulnerability.

The VA has completed less than half of a set of 74 recommendations the GAO provided the agency with in 2016, with a total of 42 remaining unresolved. While the VA has submitted information reporting that it had completed 39 of those 42 unresolved actions, the implementations weren’t up to the GAO’s standards.

“When we went in and looked at the evidence provided, it wasn’t sufficient enough for us to confirm the implementation of that recommendation,” Wilshusen said. “Often, it doesn’t seem like (the VA) is validating the effectiveness of its corrective actions.”

He suggested the VA designate an independent person within the agency to review corrective actions, and confirm whether a vulnerability has been addressed before reporting it to the GAO.

Share197Tweet123Share49
usiscc

usiscc

  • Trending
  • Comments
  • Latest
Antonov An-225 Mriya: world’s largest cargo plane, history, details

Antonov An-225 Mriya: world’s largest cargo plane, history, details

April 15, 2020
These inventory trackers will notify you when hard-to-find items are back in stock

These inventory trackers will notify you when hard-to-find items are back in stock

April 15, 2020
‘Significant opportunity’ in Asia as supply chain integrates, consolidates

‘Significant opportunity’ in Asia as supply chain integrates, consolidates

January 3, 2020
These inventory trackers will notify you when hard-to-find items are back in stock

These inventory trackers will notify you when hard-to-find items are back in stock

0
Global Industry Analysis, Size, Share, Growth, Trends, and Forecasts 2016–2024 – ZMR News Reports

Global Industry Analysis, Size, Share, Growth, Trends, and Forecasts 2016–2024 – ZMR News Reports

0
PHOTOS: Ottawa firefighters respond to warehouse fire

PHOTOS: Ottawa firefighters respond to warehouse fire

0
These inventory trackers will notify you when hard-to-find items are back in stock

These inventory trackers will notify you when hard-to-find items are back in stock

April 15, 2020
Antonov An-225 Mriya: world’s largest cargo plane, history, details

Antonov An-225 Mriya: world’s largest cargo plane, history, details

April 15, 2020
Copperstate Farms Launches International Cannabis Brand DNA Genetics in Arizona Market

Copperstate Farms Launches International Cannabis Brand DNA Genetics in Arizona Market

April 14, 2020
  • Privacy Policy
  • Terms of Use
  • Disclaimer
  • DMCA
  • Contact Us

Copyright © 2021 United States International Supply Chain Commission (usiscc.org)

No Result
View All Result
  • Supply Chain
  • Logistics
  • Warehousing
  • Procurement
  • Shipping
  • More
    • Strategic Sourcing
    • Spend Analysis
    • Inventory
    • Contact Us

Copyright © 2021 United States International Supply Chain Commission (usiscc.org)

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT