Report: VA Cyber Security Weaknesses Continue to Persist

The VA continues to face long-standing challenges in effectively implementing its information security program, according to the GAO’s latest report.

The Department of Veterans Affairs (VA) continues to face long-standing challenges in effectively implementing its information security program, according to the U.S. Government Accountability Office’s (GAO) latest report.

Specifically, the VA had weaknesses in key information security control areas from 2007 to 2013. Those areas include access control, configuration management, segregation of duties, contingency planning and security management.

The number of incidents affecting the VA’s information, computer systems and networks has generally risen over the last several years. Specifically, in fiscal year 2007, the department reported 4,834 information security incidents to US-CERT; in fiscal year 2013, it reported 11,382 incidents. These included incidents related to unauthorized access, denial-of-service attacks; installation of malicious code; improper usage of computing resources; and scans, probes, and attempted access, among others.

The report claims that draft legislation being considered by Congress would address the governance of the VA’s information security program and security controls for the department’s systems. It would require the secretary of the VA to improve transparency and coordination of the department’s security program and ensure the security of its critical network infrastructure, computers and servers, operating systems, and web applications, as well as its core veterans’ health information system.

The VA maintains the largest integrated healthcare system in the nation for approximately six million patients, provides compensation and benefits for about four million veterans and beneficiaries, and maintains about three million grave sites at 164 properties.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety HQ