Cybersecurity objectives

VA Releases Five-Pronged Cybersecurity Strategy

The Department of Veterans Affairs has published a cybersecurity strategy aimed at preventing exposure and corruption of veterans’ data.

The strategy outlines five main goals. The first focuses on securing and protecting VA and veteran information. To do so, the agency will work on identifying and tagging sensitive data, protecting at-rest and in-transit data and performing data flow monitoring and management.

The second goal is protecting information systems and assets, the VA said. This objective requires maintaining full visibility and accountability of all hardware and software assets, authenticating users and controlling their access based on assigned roles and responsibilities, and proactively securing VA networks by applying standards and best practices.

Third, the VA wants to leverage innovation to strengthen cybersecurity. Finding new technologies to address challenges and embedding cybersecurity in systems engineering and acquisition processes are top of mind for VA officials.

The fourth goal involves enhancing cybersecurity through partnerships and information sharing. For the VA, this means elevating cybersecurity as a mission and business enabler, promoting mutually beneficial external cybersecurity partnerships and removing barriers to sharing threat information.

Lastly, the VA hopes to empower the agency mission through cybersecurity risk management, which requires addressing known vulnerabilities and risks, refining the existing cybersecurity program through transparency and mission alignment, and fostering a culture of risk-aware planning, thinking and decision-making.

In a statement, VA Secretary Denis McDonough said the strategy provides an agile framework to address current challenges and adapt to emerging threats.