VA releases new cybersecurity strategy in honor of Veterans Day
The Department of Veterans Affairs released a new cybersecurity strategy ahead of Veteran’s Day as a way to better protect the personal information of US veterans as well as to stop the potential corruption of critical data.
The VA said cybercriminals have long sought access to veterans’ data for a variety of scams and exploitation, prompting the department to make changes to its security.
In 2006, the organization faced a massive data breach affecting the sensitive information of 26.5 million veterans as well as their spouses and family members.
Just last month, the Justice Department sentenced a former medical records technician for the US Army after he was caught accessing personal information from US veterans and using the data to steal millions from benefits sites.
While working as a civilian medical records technician and administrator with the US Army at the 65th Medical Brigade, stationed at Yongsan Garrison in South Korea, 40-year-old Fredrick Brown stole names, Social Security numbers, military ID numbers, dates of birth and contact information for thousands of military members. This occurred between July 2014 and September 2015. US Attorney Ashley Hoff noted that many of the veterans targeted in the scheme were disabled or elderly, since they received more service-related benefits.
The Department of Veterans Affairs said it developed an entirely new strategy to protect veteran data. It uses new frameworks that outline ways they can protect the VA’s most critical business functions and assets while also making them more resilient.
“As we continue to rapidly advance technology across VA, this strategy provides an agile framework to address the challenges of today and adapt to the technologies and threats of tomorrow,” said Secretary of Veterans Affairs Denis McDonough.
“This comprehensive approach practices accountability and transparency, while remaining hypervigilant of cyber threats — charting a course for success at the individual and enterprise levels.”
On top of securing and protecting the data of the VA and veterans, the new plan includes measures to protect information systems and assets, use innovative measures to strengthen the organization’s cybersecurity, partner with other organizations on best practices, and use risk management frameworks to bolster their cybersecurity goals.
The VA added that the new strategy takes into consideration, among other things, “Executive Orders, technological advancements, innovations, and world events that have impacted the way VA delivers services.”
Andrew Barratt, vice president at cybersecurity firm Coalfire, said that the VA provides additional assistance to a number of the company’s employees.
“We’re pleased to see the VA take steps to formalize a refreshed strategy committing to protecting Veterans’ data. Like many cybersecurity strategies, it is high level in nature and focuses on five critical goals,” Barratt said.
Coalfire’s John Dickson added that it’s less about what strategies the VA announces and more about resource allocation and sustained executive focus on cybersecurity.
“Given the 2006 public security breach, other organizational security ‘near misses,’ and the VA’s historical approach to cybersecurity, this is one case where actions most certainly speak louder than words,” Dickson said.