BreachExchange mailing list archives
New cyber bill calls for shadow IT assessment at VA
From: Matthew Wheeler <mwheeler () flashpoint-intel com>
Date: Thu, 31 Mar 2022 11:51:13 -0400
https://defensesystems.com/cyber/2022/03/new-cyber-bill-calls-shadow-it-assessment-va/363864/ New cyber bill calls for shadow IT assessment at VA Adam MazmanianBy Adam Mazmanian, Executive Editor MARCH 31, 2022 10:49 AM ET The bill tasks VA with obtaining an independent cybersecurity review of the agency's most critical systems. A new bipartisan bill would require the Department of Veterans Affairs to contract for an independent cybersecurity assessment of its critical systems with a federally funded research and development center. The Strengthening VA Cybersecurity Act of 2022 would require VA to obtain assessments of between three and 10 high-impact information systems. The bill specifically calls for a detailed analysis of VA's ability to prevent ransomware and phishing, attacks from foreign threat groups, credential theft, attacks that leverage telework tech and more. Additionally, the bill calls for an evaluation of the use of shadow IT systems, apps, services and devices by employees and contractors "According to VA officials, in 2020, regrettably 46,000 veterans had their personal information compromised after hackers breached VA's computer systems," Rep. Frank Mrvan (D-Ind.), chairman of the House Veterans Affairs Committee's panel on technology modernization, said in a statement. "This legislation will move us in the right direction to give VA the tools it needs to effectively protect against new and emerging cybersecurity threats and safeguard our veterans' personal information. " Rep. Susie Lee (D-Nev.) noted that despite VA's multibillion IT budget, the agency "spends less on cybersecurity than most other agencies, leaving veterans' sensitive information vulnerable to cybercrime. This bipartisan bill is a simple fix that will help strengthen VA's cybersecurity and protect veterans' information." Under the bill, the VA secretary would submit a report and remediation plan to Congress within 120 days of the completion of the assessment. The Government Accountability Office would be responsible for evaluating VA's cost estimates and timelines for fixing any cybersecurity weaknesses. The bill is also sponsored by Reps. Nancy Mace (R-S.C.) and Andrew Garbarino (R-N.Y.). A Senate version of the bill was introduced by Sens. Jacky Rosen (D-Nev.) and Marsha Blackburn (R-Tenn.).
_______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- New cyber bill calls for shadow IT assessment at VA Matthew Wheeler (Apr 04)