VA Eyes $107M Cybersecurity Budget Boost
The Department of Veterans Affairs is asking for a $107 million boost for its fiscal year 2023 cybersecurity budget to support all areas of its information security program.
VA wants to focus on implementing zero trust security and other security measures to protect its IT systems from ransomware attacks and other security breaches. The agency’s focus on cybersecurity comes as ransomware attackers zero in on health IT systems and hospital networks, which could leave a significant risk to human life.
It also comes as the Biden administration, in mid-2021, issued its cybersecurity executive order following the discovery of the SolarWinds hack, GovCIO reported.
Royce Allen, director of enterprise security architecture at VA, said using outdated cybersecurity models would pose a threat in the current environment. She stated that VA and other government agencies must take advantage of zero trust architectures because it supports continuous identity verification, authorization and authentication.
Under the funding increase request, $43 million of the overall budget boost will be used for information security operations. The resources will be used to implement zero trust security reforms and other steps to improve cybersecurity.
A significant portion of the VA’s cybersecurity budget will be used on modernizing health IT systems. According to the agency’s budget documents, it will modernize the Veterans Health Administration’s medical equipment while improving safety, cybersecurity and compatibility with VA’s electronic health record.
The department will also focus on device security, with the VA noting that there are over 1.03 million discrete medical devices that deliver health care to veterans. Almost $13 million would go towards privacy and records management, and the agency also requested a $13 million increase for Continuous Readiness in Information Security Protection operations.
Tags: cybersecurity cybersecurity budget Department of Veterans Affairs GovCIO Health IT Security information security program Royce Allen zero trust