Stephen Warren, chief information officer at the Department of Veterans Affairs, has told the House Veterans Affairs Committee that the agency will put $60 million in additional funds towards information security, Federal News Radio reported Tuesday.
Jason Miller reports that amount is on top of the current annual $160 million budget dedicated to staffing, reviews and updates of VA security systems and processes amid feedback from auditors.
“This will provide additional resources to our facilities to implement configuration management as well as vulnerability remediation,” Warren said in response to reports from the Government Accountability Office and VA’s Office of the Inspector General.
Auditors found improvements as well as continued systemic and material vulnerabilities in VA’s information security program, including incident response, forensic analysis reporting, authorities to operate and policy on the network and security operations center’s authority to review data center activity logs, the report said.
Miller writes that the agency is already working with Mandiant to monitor domain controllers.
“Since the June 4, 2013, hearing before the House Veterans Affairs Committee’s subcommittee for oversight and investigations, we have acquired new monitoring capabilities, increased desktop security, and enhanced our speed in detecting and combating challenges,” Warren noted in his testimony.
He also pointed to VA’s continuous monitoring activities and Continuous Readiness in Information Security Program.