VA awards cybersecurity contract

The Department of Veterans Affairs has awarded a $103 million contract to a consortium of five small businesses to develop and manage its response to cyberattacks — an innovative approach to deal with hackers that could become a model for other federal agencies.

Known as the VA Security Team (VAST), the consortium won the one-year contract with 10 one-year add-ons for the VA's Computer Incident Response Capability (VA-CIRC). The team, which began its work Aug. 1, will be responsible for protecting the VA's entire network, including hospitals, cemeteries, medical records and insurance.

SecureInfo Corp., a San Antonio-based cybersecurity company that has done similar work for the Defense Department, is leading the joint venture to detect and respond to threats and real-time incidents around the clock.

Other VAST members include:

* Applied Engineering Management Corp., a software development firm.

* DSD Laboratories Inc., a systems engineering firm.

* Seidcon Inc., a company that specializes in certification and accreditation of networks.

* TeamBI Solutions Inc., a security knowledge management company.

Other business partners include Compaq Computer Corp. — now merged with Hewlett-Packard Co. — which is providing hardware; Science Applications International Corp., handling long-distance support; and Signal Corp., which is providing telecommunications support.

"We're the second-largest federal government computing enterprise. The magnitude of our enterprise alone makes it a target of malicious intent," said Bruce Brody, the VA's cybersecurity chief.

The VA has long been a target of hackers. Since January, VA computer systems have blocked more than 2 million virus infection attempts. In the past, the agency has been criticized for its failure to deal with the problem.

A private auditing firm that the VA's inspector general hired easily broke into computers at the agency "dozens of times," gaining total control of data, according to a report submitted to Congress in 2001.

Security bugs plaguing the system have been known for at least five years, a period during which the VA has spent more than $5 billion on information technology. In March 2001, Brody was hired as the associate deputy assistant secretary for cybersecurity to fix the problem.

Brody said VAST would handle incident analysis, management and response for the VA's nationwide system that will include dealing with vulnerabilities and handling computer forensics.

In addition, the consortium will handle managed security services nationwide that will be "mandatory for every hospital."

"The VA is obviously serious about improving its cybersecurity and becoming a world-class system," said John Linton, SecureInfo's chief operating officer.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.