Veterans Affairs

Cyber gets a boost in VA budget request

Shutterstock image: protected hardware.

The Department of Veterans Affairs, which failed its most recent security audit, is seeking a 16 percent increase in its information security budget for fiscal 2016, as it looks to tighten up controls on the sensitive data of America's veterans.

The VA wants a boost in information security spending from $156 million in 2015 to $180.3 million. The information security budget includes network security, wireless and mobile security, security incident response, as well as related areas records management, privacy, and Freedom of Information Act request processing. It also includes the VA's Continuous Readiness in Information Security Program (CRISP), which is a centralized program to perform IT security updates, manage and configure devices, test applications, and provide training.

Some of these areas overlap with cybersecurity functions, but as a line item, cyber accounts for $53 million of the $180.3 million for information security. That's also a 16 percent increase over fiscal 2015. But even that doesn't get at the true cost of beefing up security at VA.

"Cybersecurity is a team sport," VA CIO Steph Warren said on a conference call with reporters. "We've got dollars identified in the budget that are new tools or new processes, but every single VA employee, and more importantly, the ones out at the medical centers, a large part of their job is doing cyber support and doing activities and actions that are necessary to secure the enterprise."

The Department of Homeland Security is also part of the team. DHS’s $480 million network security service -- including Einstein 3 -- sits outside the VA network, doing deep packet inspection on incoming and outgoing traffic, identifying intrusions, malware, and other attacks. VA is also part of an operations center run by the Department of Health and Human Services in Atlanta that monitors vulnerabilities on connected medical devices.

VA has had some bright spots in security of late. Despite failing the internal audit conducted by the inspector general, an executive summary of a report commissioned from Mandient found that VA was doing a good job of blocking malicious traffic. The VA's January security report indicated that departmental defenses blocked more than 14 million intrusion attempts, 76.4 million suspicious emails, and more than 670 million individual pieces of malware.

The cyber boost is a small piece of the VA's overall $4.1 billion IT budget request – a 6 percent increase over the $3.9 billion spent in fiscal 2015. The biggest chunk of that request -- $2.5 billion – goes to operations and maintenance. That includes replacing old hardware, and a major upgrade to the VA's phone system, which is being put on a cloud-based, Internet protocol platform as part of a 10-year plan that is in the pilot phase. The VA's $505 million proposed budget for new deployments includes $76 million for a new scheduling system, $160 million for the VISTA Evolution project to upgrade its electronic health record, and $20 million for mobile app development, including building a mobile video telehealth capacity.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected