VA reports massive spike in cyber threats targeting agency

With more than a billion instances of malicious code blocked last month, officials fear the agency may eventually be overwhelmed.

The Department of Veterans Affairs blocked more than a billion pieces of malicious software and nearly 358 million network intrusion attempts last month — a massive increase in the volume of attacks targeting VA that could eventually overwhelm the agency’s ability to effectively defend itself.

The volume of malware reported in VA’s Information Security Monthly Activity Report for March represents an 83 percent increase over the last six months. Likewise, the number of intrusion attempts recorded in March represents a 29-fold increase from six months ago. In October 2014, the agency reported slightly more than 206 million instances of malicious code and about 12 million intrusion attempts.

In a monthly call with reporters, VA Chief Information Officer Stephen Warren said if the volume of attacks continues to increase at this rate the agency could eventually be overwhelmed. “If you plot that chart out … we’re on an exponential growth rate,” Warren said. “At some point, if we’re not able to knock this back … I think any agency will run into the point where we may get overwhelmed.”

To put the volume in context, Warren said VA blocks or contains 45 pieces of malware every second of every day. “If something doesn’t happen outside the VA … that’s bringing the volume, the rate of increase and the intensity [down], I don’t know who can withstand something like that,” Warren said. “It is extreme.”


But Warren also said his counterparts across government are seeing similar increases in threat volumes. “It is across the board,” he said. “There doesn’t appear to be any disincentive for an individual or an organization … to come after the VA as well as other organizations for data.”

Warren called on Congress to devise “better disincentives” for cyber criminals to continue increasing the volume of attacks. He also said he shared the March data with the Office of Management and Budget in an effort to start a broader conversation about the volume of attacks agencies are dealing with. “We need to figure out how do we take this on together as a society,” he said.



Latest Podcasts