[BreachExchange] New cyber bill calls for shadow IT assessment at VA

Matthew Wheeler mwheeler at flashpoint-intel.com
Thu Mar 31 11:51:13 EDT 2022


https://defensesystems.com/cyber/2022/03/new-cyber-bill-calls-shadow-it-assessment-va/363864/

New cyber bill calls for shadow IT assessment at VA


By Adam Mazmanian,

Executive Editor

MARCH 31, 2022 10:49 AM ET

The bill tasks VA with obtaining an independent cybersecurity review of the
agency's most critical systems.

A new bipartisan bill would require the Department of Veterans Affairs to
contract for an independent cybersecurity assessment of its critical
systems with a federally funded research and development center.

The Strengthening VA Cybersecurity Act of 2022 would require VA to obtain
assessments of between three and 10 high-impact information systems. The
bill specifically calls for a detailed analysis of VA's ability to prevent
ransomware and phishing, attacks from foreign threat groups, credential
theft, attacks that leverage telework tech and more.

Additionally, the bill calls for an evaluation of the use of shadow IT
systems, apps, services and devices by employees and contractors.

"According to VA officials, in 2020, regrettably 46,000 veterans had their
personal information compromised after hackers breached VA's computer
systems," Rep. Frank Mrvan (D-Ind.), chairman of the House Veterans Affairs
Committee's panel on technology modernization, said in a statement. "This
legislation will move us in the right direction to give VA the tools it
needs to effectively protect against new and emerging cybersecurity threats
and safeguard our veterans' personal information."

Rep. Susie Lee (D-Nev.) noted that despite VA's multibillion IT budget, the
agency "spends less on cybersecurity than most other agencies, leaving
veterans' sensitive information vulnerable to cybercrime. This bipartisan
bill is a simple fix that will help strengthen VA's cybersecurity and
protect veterans' information."

Under the bill, the VA secretary would submit a report and remediation plan
to Congress within 120 days of the completion of the assessment. The
Government Accountability Office would be responsible for evaluating VA's
cost estimates and timelines for fixing any cybersecurity weaknesses.

The bill is also sponsored by Reps. Nancy Mace (R-S.C.) and Andrew
Garbarino (R-N.Y.). A Senate version of the bill was introduced by Sens.
Jacky Rosen (D-Nev.) and Marsha Blackburn (R-Tenn.).