Fiscal 2015 budget request would boost funding for IT security, but legislators have their doubts.
The Department of Veterans Affairs wants to spend more money in 2015 on information technology, but will another $180 million – a 5 percent increase to $4.03 billion – be enough to shore up VA’s highly publicized IT vulnerabilities?
That was one of the chief concerns lawmakers voiced March 13 at a budget hearing before the House Veterans Affairs Committee, in part because members have continually pressed VA’s leading IT officials over the last 18 months to fix IT security shortcomings that have led to multiple data breaches and compromised VA networks.
Based on its budget request, VA is making a concerted financial effort to improve its IT security posture, requesting $156 million for fiscal 2015, or $33 million more than it is spending in fiscal 2014.
“Will that amount finally assist VA in addressing numerous deficiencies we’ve brought to VA’s attention?” asked Indiana Republican Rep. Jackie Walorski.
VA Secretary Eric Shinseki handed the question off to Stephen Warren, CIO and executive in charge of VA’s Office of Information Technology, who asserted that it would -- but offered no further explanation.
Veterans Affairs and its subcommittees have made more than 10 formal requests for information regarding VA IT security woes since October, and Warren has responded only once. That response answered an Oct. 22 letter, but was deemed insufficient by committee members, a Capitol Hill source said. In total, VA has more than 110 outstanding requests for information on the same subject matter from Congress since June 2012.
The requested influx of cash for VA’s IT security might speak louder than words, though.
The boost includes modest funding increases for VA’s cybersecurity program, Network Operations Center, privacy program, business continuity and security operations center support. The largest jump in funding under VA’s information security spending would go to support mobile applications and wireless security. That component was not previously funded as a distinct line item, but the fiscal 2015 budget requests $25 million. Comparatively, VA would spend $45.4 million on cybersecurity and $45 million on its Network Operations Center.
NEXT STORY: Involving the C-suite in risk management