Lawmakers Propose Bill Requiring Independent Review of VA’s Cybersecurity
Lawmakers have proposed legislation that would require the Department of Veterans Affairs to commission a third-party cybersecurity assessment of its information systems.
The Strengthening VA Cybersecurity Act of 2022 would direct the department to enter into an agreement with a federally funded research and development center for a review of between three and 10 high-impact information systems, the bill’s authors said.
FFRDCs are public-private partnership organizations providing research and development capabilities that cannot be effectively met by either the government or private sector alone, according to the Congressional Research Service.
Under the bill’s mandated agreement, the contractor will evaluate VA’s ability to ensure the confidentiality, integrity and availability of information and systems.
The FFRDC will also assess the systems’ resilience against persistent cyber threats, ransomware, denial-of-service attacks, insider threats, foreign threats, phishing, credential theft, cyberattacks targeting the supply chain and threats exploiting telework activity.
Rep. Nancy Mace, one of the bill’s proponents, said in a statement that the SVAC Act of 2022 would help protect the health care systems that support veterans from possible cyberattacks from Russia in light of the invasion of Ukraine.
The bill’s other proponents are Reps. Susie Lee, Andrew Garbarino and Frank Mrvan, the chairman of the House Committee Committee on Veterans’ Affairs’ Subcommittee on Technology Modernization.
Mrvan, citing reports from VA officials, said that hackers compromised the personal information of 46,000 veterans in 2020 by breaching the department’s information systems. He said that the SVAC Act of 2022 will give VA the tools it needs to fend off new and existing cyber threats.
Tags: Andrew Garbarino Congressional Research Service cybersecurity cybersecurity assessment FFRDC Frank Mrvan legislation Nancy Mace SVAC Act of 2022