<div dir="ltr"><br clear="all"><div><a href="https://defensesystems.com/cyber/2022/03/new-cyber-bill-calls-shadow-it-assessment-va/363864/">https://defensesystems.com/cyber/2022/03/new-cyber-bill-calls-shadow-it-assessment-va/363864/</a><br></div><div><br></div><div><span id="gmail-docs-internal-guid-58d57ced-7fff-3381-a265-81b919cc1830"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11.5pt;font-family:Arial;color:rgb(51,51,51);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">New cyber bill calls for shadow IT assessment at VA</span></p><br><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11.5pt;font-family:Arial;color:rgb(51,51,51);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Adam MazmanianBy Adam Mazmanian,</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11.5pt;font-family:Arial;color:rgb(51,51,51);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Executive Editor</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11.5pt;font-family:Arial;color:rgb(51,51,51);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">MARCH 31, 2022 10:49 AM ET</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11.5pt;font-family:Arial;color:rgb(51,51,51);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">The bill tasks VA with obtaining an independent cybersecurity review of the agency's most critical systems.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11.5pt;font-family:Arial;color:rgb(51,51,51);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">A new bipartisan bill would require the Department of Veterans Affairs to contract for an independent cybersecurity assessment of its critical systems with a federally funded research and development center.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11.5pt;font-family:Arial;color:rgb(51,51,51);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">The Strengthening VA Cybersecurity Act of 2022 would require VA to obtain assessments of between three and 10 high-impact information systems. The bill specifically calls for a detailed analysis of VA's ability to prevent ransomware and phishing, attacks from foreign threat groups, credential theft, attacks that leverage telework tech and more.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11.5pt;font-family:Arial;color:rgb(51,51,51);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Additionally, the bill calls for an evaluation of the use of shadow IT systems, apps, services and devices by employees and contractors </span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11.5pt;font-family:Arial;color:rgb(51,51,51);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">"According to VA officials, in 2020, regrettably 46,000 veterans had their personal information compromised after hackers breached VA's computer systems," Rep. Frank Mrvan (D-Ind.), chairman of the House Veterans Affairs Committee's panel on technology modernization, said in a statement. "This legislation will move us in the right direction to give VA the tools it needs to effectively protect against new and emerging cybersecurity threats and safeguard our veterans' personal information. "</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11.5pt;font-family:Arial;color:rgb(51,51,51);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Rep. Susie Lee (D-Nev.) noted that despite VA's multibillion IT budget, the agency "spends less on cybersecurity than most other agencies, leaving veterans' sensitive information vulnerable to cybercrime. This bipartisan bill is a simple fix that will help strengthen VA's cybersecurity and protect veterans' information."</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11.5pt;font-family:Arial;color:rgb(51,51,51);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Under the bill, the VA secretary would submit a report and remediation plan to Congress within 120 days of the completion of the assessment. The Government Accountability Office would be responsible for evaluating VA's cost estimates and timelines for fixing any cybersecurity weaknesses.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11.5pt;font-family:Arial;color:rgb(51,51,51);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">The bill is also sponsored by Reps. Nancy Mace (R-S.C.) and Andrew Garbarino (R-N.Y.). A Senate version of the bill was introduced by Sens. Jacky Rosen (D-Nev.) and Marsha Blackburn (R-Tenn.).</span></p></span><br class="gmail-Apple-interchange-newline"></div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><span></span></div></div></div>