The Strengthening VA Cybersecurity Act of 2022 was introduced March 30 by Technology Modernization Subcommittee chair Frank Mrvan, D-Ind. It was co-sponsored by Reps. Nancy Mace, R-S.C., Susie Lee, D-N.V. and Andrew Garbarino, R-N.Y.
The bill is intended to boost cybersecurity at the department and protect IT systems and devices in use that hold veterans’ data.
If the legislation passes, it will require the VA to obtain an independent cybersecurity assessment of its most critical information systems, as well as its cybersecurity posture as a whole. It also requires the VA to develop a timeline and budget to fix any weaknesses and deficiencies identified by the report.
A companion measure has been introduced in the Senate by Sens. Jacky Rosen, D-N.V., and Marsha Blackburn, R-Tenn.
Rep. Mrvan said the legislation comes after, in 2020, “regrettably 46,000 veterans had their personal information compromised after hackers breached VA’s computer systems.”
“This is unacceptable, and action must be taken to improve VA’s cybersecurity,” Mrvan said. “This legislation will move us in the right direction to give VA the tools it needs to effectively protect against new and emerging cybersecurity threats and safeguard our veterans’ personal information. I appreciate the close working relationship of my colleagues Rep. Nancy Mace, Rep. Susie Lee, and Rep. Andrew Garbarino, and look forward to continuing to collaborate with you to move this commonsense and bipartisan legislation forward.”
During the 2020 cyberattack on the department, about 46,000 veterans had their personal information, including Social Security numbers exposed, as unauthorized users gained access to an online application for making health care payments.