Veterans Affairs

Warren: Cyber won't suffer in VA budget crunch

Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

(Honglouwawa & Oberon / Shutterstock)

Despite a looming $2.5 billion shortfall, efforts to maintain cybersecurity at the Department of Veterans Affairs won't face budget cuts, according to the agency's top tech official.

"I don't see there being any impact on what we're doing from a cybersecurity standpoint. This is an area where the deputy secretary is very engaged," Steph Warren, acting head of the Office of Information and Technology, said on a July 1 call with reporters.

Deputy Secretary Sloan Gibson warned Congress in a June 25 hearing of the House Veterans’ Affairs Committee that the department was facing a budget gap, and sought to tap other funding pipelines, including the $10 billion Veterans Choice fund.

The VA was the first large agency to adopt Einstein 3 network protection tools offered by the Department of Homeland Security. The agency has been publicly releasing reports on attempted attacks and breaches for a few months.

In May 2015, the agency blocked more than 330 million intrusion attempts, 550 million pieces of malware, and more than 73 million suspicious or malicious emails.

According to Warren, malware attempts are trending down from a peak in March, as a result of the wider use of Einstein 3. As other agencies register malware profiles with DHS under Einstein, the fewer unknown modes of attack have a chance of getting through the net.

At the same time, the massive theft of Office of Personnel Management data from government systems, including a trove of extremely sensitive security clearance forms, has the VA, like other organizations, looking for other ways to protect their systems.

The VA is in the midst of conducting the "cybersecurity sprint" ordered by the Office of Management and Budget in the wake of the attack. One tricky aspect is implementing two-factor authentication for access to agency systems. Warren said his office has been working with medical staff on how to add this extra security step to the clinical environment, "without doing harm to patients and patient care."

One area of concern is the use of private social media accounts by federal employees and contractors. The VA uses a service to approve websites for access on agency networks. At the same time, there are potential risks associated with images and links inside social media sites, which has led to a review of VA policy on Internet use.

"We need to push the threat further away from our boundaries," Warren said. Curtailing private use of the Internet is "on the table as we talk about strengthening our protections," he said. A final decision is being tabled until new Assistant Secretary for OI&T LaVerne Council, who was recently confirmed by the Senate, is sworn in to her new job on July 7.

Deputy IG retires

In other VA news, Deputy Inspector General Richard Griffin announced his retirement after a federal career spanning 43 years. The news of Griffin's departure was welcomed by VA critics in Congress and among government watchdog groups, who saw Griffin's reports and investigations as timid.

Inside the VA, a group of whistleblowers who reported rigged wait lists for appointments in Phoenix, the over-prescription of opiates at a Wisconsin medical center, and other problems, cheered the news on their Facebook page, VA Truth Tellers. Griffin's departure was one of the goals of the internal whistleblowers, who long complained of inaction on the part of the OIG.

Danielle Brian, executive director of the Project on Government Oversight said, "Instead of being a champion of whistleblowers, Mr. Griffin was part of the VA’s toxic culture of intimidation and retaliation."

In a VA press release, Griffin thanked OIG staff, saying, "Your collective effort and hard work have resulted in a remarkable record of performance and outstanding achievements." 

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.