VA security scholarship program delayed until 2011

Program will reimburse a handful of employees for costs of doctoral studies

A program enacted in 2006 to help the Veterans Affairs Department beef up its information security expertise by offering financial assistance to doctoral students and degree-holders still is more than a year away from awarding its first scholarship, according to a report to Congress.

The Information Security Education Assistance Program was created by Congress in the wake of the May 2006 loss of a computer drive that exposed personally identifiable information about millions of veterans and their dependents.

“The incident highlighted the seriousness of weaknesses in the department’s information security,” the Government Accountability Office wrote in a report to Congress on the progress of the program. “In testimony shortly after the breach, we noted that for many years, significant concerns had been raised about VA’s information security — particularly its lack of a robust information security program.”

To address that weakness, the program was included in the Veterans Benefits, Health Care, and Information Technology Act of 2006.

It would allow scholarships of up to $200,000 over five years for students agreeing to go to work at VA and debt repayment of up to $82,500 for current employees. But it has been bogged down in the rule-making process. The department’s general counsel made its first review of the proposed regulations for issuing the money in September but they still must be reviewed by the Office of Management and Budget and offered for public comment.

“VA officials estimate that, after the department addresses these comments and OMB performs another review, the final regulations could be issued in January 2011,” GAO said.

The earliest that a scholarship recipient could start work would be around January 2012, if one of the first recipients already is in the last year of study. Other students could take from three to six years to complete their studies. The program is set to expire in July 2017.

The purpose of the law is to “encourage the recruitment and retention of department personnel who have the information security skills necessary to meet department requirements” by providing “financial support for education in computer science and electrical and computer engineering at accredited institutions of higher education.” This would be done through scholarships for students pursuing doctoral degrees in computer science and electrical and computer engineering, and education debt reduction for VA personnel with recent doctoral degrees.

Scholarships can pay full tuition and a $1,500 monthly stipend, up to $50,000 a year and totaling no more than $200,000. In return, recipients must agree to work for the VA for at least as many years as the scholarship was provided. Debt reimbursement for qualified employees who received doctoral degrees in the past five years can be up to $16,500 a year, or up to $82,500 for five years, beginning after at least one year of employment at VA.

Preference in the program is given to veterans, especially disabled veterans, and students at schools recognized by the National Security Agency as Centers of Academic Excellence in Information Assurance Education.

Regulations are being developed by the VA’s Office of Information and Technology, but GAO reported that as of April 2008, the department’s Office of Regulation Policy and Management had not been updated on the rule-making process for a year. By January 2009 proposed regulations were sent to the VA Office of General Counsel for review, which provided initial comments in September. The rules must next be approved by the Veterans Affairs secretary before going to OMB.

VA has identified two current employees who could be eligible for debt repayment under the program. The department expects to name one scholarship candidate and three candidates for debt reduction over the next five years. Based on that, total costs of the program are estimated at $217,000 through 2015.

2014 Rising Star Awards

Help us find the next generation of leaders in federal IT.

Reader comments

Wed, Jan 6, 2010 Steve

It's not that security-related professional certifications are bad, or that requiring them for persons in security-related positions is wrong; the problem is that people in positions of authority and responsibility aren't required to obtain them, so they remain blissfully ignorant to the risks they face - until the day something bad happens. Even then, they are rarely held accountable for accepting the risk that bit them in the butt.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above