VA Needs More Cyber Employees to Support Remote Work and Tackle Shadow IT

The Department of Veterans Affairs is looking to bolster its workforce and improve asset management.

The Subcommittee on Technology Modernization of the House Veterans Affairs Committee held a hearing on Tuesday to discuss what the agency needs to do to protect veterans’ sensitive data.

Kurt DelBene, the Assistant Secretary for Information and Technology and Chief Information Officer, said securing more cybersecurity talent within the VA’s office is paramount.

He testified that they needed to increase the number of people working in the space inside the VA. There was a discussion about our staffing levels relative to other places in the government.

Mark Takano was told by DelBene that budget increases are needed to offer competitive pay for cybersecurity talent.

He said, “It really is around what the base level pay is, whether we can help people on on call pay, and what are the other incentives that we can provide financially.” It’s going to take a long time for us to actually ramp that funding. We need to add talent to our staff. It’s going to take us a while.

The VA leadership stated during the hearing that the Pandemic has made their cybersecurity needs worse as more employees are working remotely. The VA modernization efforts put it in a strong position to support remote security, according to the acting chief information security officer.

Maintaining strong login credentials was one of the common issues discussed. DelBene answered questions about how to manage the information technology assets connected to the VA.

DelBene told Congress of his plans to organize the VA’s Shadow IT network, or systems launched by offices within the VA, to circumvent the agency’s central IT features. There are security concerns and risks when technology is inconsistent.

Taking inventory of all the VA’s IT assets will help patch potential security holes.

He said that they needed to inventory the systems. We need to reach out to the people that manage those systems to find out the requirements.

The director of IT and Security Audits Division with the VA’s Office of Inspector General stated that the VA is identifying assets with the help of scanning remote facilities to registerip addresses to gauge network access points

He said that they are identifying assets connected to the network compared to how the VA scans and monitors it. A lot of that has to do with the local personnel identifying all assets that are connected to the remote facilities, and that’s why we’re looking at local scans at the remote facilities.

The VA IT network will be scanned in order to keep the agency’s security posture intact.

These efforts will contribute to the VA’s new initiatives. According to DelBene, the department is using artificial intelligence technology to help solve veteran health problems.

DelBene said that the VA is looking into policies to protect veterans health information.

He said that we need to think about how we structure data, how we bring that data together into a clear structure across the organization, and then build those access controls and then governance on top.

The hearing comes as Congress is considering proposed legislation to strengthen VA’s cyber standards through independent auditing, a move opposed by agency leadership.