President Biden’s nominee to be secretary of the Department of Veterans Affairs, Denis McDonough, says if the Senate confirms him, he will make cybersecurity a top priority at the VA. The Senate will vote on his confirmation soon.
Joe Stenaka, Deputy Chief Information Security Officer, Executive Director for Information Security Operations and Chief Privacy Officer at the Department of Veterans Affairs, discussed some of the major cyber issues the VA is currently up against.
Stenaka said one of the major issues is “an agile adversary that’s always after us, trying to figure out ways to get into our networks.” While the VA did not get hit by the recent SolarWinds breach, Stenaka said it reveals the need for them to work closely with their industry partners and provide secure solutions to their infrastructure.
The SolarWinds attack is a global supply chain problem, Stenaka explained. “You need to look at where these things are being developed, who’s developing them, and following that through,” he said. “The federal government needs to get more involved with industry and make sure that those new required technologies are developed securely and safely.”
The VA does work closely with vendors and industry currently, but Stenaka believes there needs to be a better understanding of critical security requirements. To achieve this, a “whole of government” approach is necessary, as is legislation to further develop supply chain requirements.
Aside from PII (personally identifiable information) of veterans, other components of data privacy at the VA include financial data from benefits programs, healthcare data and data from securing cemetery services, Stenaka said.
Ensuring data privacy at the VA involves employee training on procedures to safeguard veteran data, state-of-the-art technology and a collaborative approach with government, industry and academia, said Stenaka.
Luckily, the VA had no privacy issues while moving from on-premise work to telework at the onset of the COVID-19 pandemic last year. “We used our current technologies, we had enhanced procedures and we have a very trained workforce that really made that seamless for us,” said Stenaka.