A House subcommittee will consider a bill next week directing the Veterans Affairs Department to get its cybersecurity house in order.
Specifically, H.R.4370 would require VA’s secretary to better secure the department’s network and web applications, upgrade outdated operating systems and protect applications from unauthorized access.
The Veterans Affairs subcommittee on oversight and investigations is set to mark up the bill on April 8.
“The continued cybersecurity threats within the VA put the personal information of thousands of veterans at risk,” Jackie Walorski, R-Ind, said in a news release. “The security of VA’s network has been an open question for years, and the VA has continually failed to fully comply with recommendations from the Government Accountability Office, the Office of the Inspector General, and even federal law.”
VA has struggled to address longstanding security vulnerabilities, dating back to 2007, according to a recent GAO report. While VA has taken steps to continuously monitor the security of its information systems and implement standard cybersecurity requirements, recent incidents underscore the seriousness of VA’s shortcomings.
In January, a software defect in VA’s eBenefits system improperly allowed users to view the personal information of more than 1,300 veterans and dependents, GAO noted in its report. In 2010, thousands of veterans’ personal information was reportedly at risk after an unencrypted laptop was stolen.
“In a day and age when we increasingly rely on electronic data, failure to protect our veterans’ personal information is not acceptable,” Walorski said. “This legislation will provide the VA with a clear roadmap for immediately securing its system, and I look forward to working with my colleagues on the VA committee to get this legislation passed quickly into law.”