Cybersecurity

VA sees sharp uptick in cyberattacks

sphere of binary data

The Department of Veterans Affairs is an increasingly popular target for hackers and cyber criminals. Attempts to infiltrate VA networks, or ship malware to VA employees and contractors via phishing emails, are growing exponentially, according to data released by the agency.

There were more than 350 million attempts to infiltrate VA networks in March 2015, up from 15 million in November 2014. The VA blocked almost 1.2 billion pieces of malware targeting VA systems in March, up from 300 million six months ago.

Steph Warren, the top tech official at VA, said the department risks being "overwhelmed" if attacks continue to grow at the current rate of increase. The VA has been releasing top line numbers on cyber infiltration attempts in recent months, so there is a clearer picture of the threats facing VA than those facing other agencies. But Warren pointed out during an April 30 call with reporters, "there is lots and lots of interest, and we are not the only ones seeing this kind of interest." Warren added, "we hope there is some appreciation of the level of threat that is coming at these organizations."

VA is a customer of the Einstein network protection system run by the Department of Homeland Security. Warren said that VA was "aggressively taking advantage" of new features being added to the Einstein toolkit.

Warren also said that VA tech employees are taking a harder line with colleagues who are opening and activating phishing emails by clicking on attachments from unknown senders. Workers who click on phishing emails typically get a chat on proper email precautions and cyber hygiene from an IT staffer that includes an explanation of what could happen if a rogue program were permitted to infect the system. The VA's defenses in combination with Einstein have blocked these inbound intrusion attempts, but Warren stressed that the volume of attacks presented an urgent threat.

"Six months ago, I could not have projected that we would be seeing this volume, this intensity of attacks," he said.

At the same time as it fends off attacks to its network, the VA is mulling how it might move some of its data and operations to commercial cloud environments. Warren said that Office of Information and Technology staff, along with representatives from around the VA -- including the general counsel and inspector general's office --are meeting to develop a cloud computing strategy. A previous plan to move VA email to an HP cloud was scuttled because the VA OIG objected to the records retention schedules contained in the cloud deal.

Warren said he hoped to develop a plan to move high-security and medium-security apps and data to the cloud. "We're not looking for a consensus solution," Warren said. Instead, he wants to clear potential hurdles to moving to the cloud and address objections as they come up. Warren said he hoped to see a first draft of the cloud strategy within 30 days. 

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.