Hosted Collaboration Solutions for Government (HCS-G).

Iron Bow’s HCS-G, powered by Cisco, is a FedRAMP Authorized cloud-based collaboration service built to help you improve communication capabilities, empower your mobile workforce, meet cloud-first mandates and maintain stringent security standards. Check out this video and see how we can help your agency overcome key IT and business challenges.

See what VDI can do for your agency.

The case for Virtual Desktop Infrastructure (VDI) has never been stronger. Agencies are looking for better approaches to securing and managing end-user devices. Check out this infographic and see what’s driving the interest in VDI solutions—and what concerns are slowing agencies down.

@Iron_Bow
About TechSource

Welcome to Iron Bow's TechSource, a blog about the issues facing the government and industry today and the technologies being adopted to help overcome them.

Cyber Security Top Priority for VA CIO

TechSource Editor

November 4, 2014  |  Cyber Security


Hardly a week goes by without news of another security breach affecting millions of citizens and government agencies. Cyber threats continue to grow more sophisticated, and securing customer and consumer data is a challenge many organizations are grappling with. For Steph Warren, CIO of the Department of Veterans Affairs (VA), safeguarding the data the agency holds on Veterans is an obligation he and the agency’s Office of Information and Technology take seriously.

Warren leads the agency around a strategy focused on five key priorities, the first of which is protecting information. VA uses a “defense-in-depth” approach to protecting Veterans’ data, in which administrative, technical and physical security controls are implemented throughout the agency’s systems to provide protection should one control fail or otherwise become vulnerable to exploitation. To secure the vast information network, Warren oversees a staff of 587 information security professionals. Together, these security professionals safeguard 750,000 connected network devices, monitoring 4.5 million emails and 55,000 new malware variants per day. VA has encrypted 100 percent of the 438,394 desktops and laptops on the VA network, removing from the network or fixing unencrypted devices.

VA employs continuous monitor to protect against threats to VA systems and data. VA is one of the first federal agencies to implement continuous monitoring to assess and address the risk statuses of its devices and systems. This includes Trusted Internet Connection (TIC), which improves the agency’s ability to monitor external connections and identify potentially malicious traffic by reducing and consolidating external connections.

In addition to continuous monitoring tools, Warren believes the human element is also important to network security.  In a recent press briefing, he told us he authors a series of emails to all staff geared at teaching principles of safe web surfing, both at home and at work.

With identity theft becoming an increasing concern in the wake of high-profile security breaches, VA is committed to educating Veterans about online security. They’ve launched a program called “More than a Number” geared towards educating Veterans and their beneficiaries on how to protect themselves from identity theft.  In the past, military service members were accustomed to giving out their social security number within the military as a personal identifier, and this practice may make Veterans vulnerable to identify theft if they accidentally reveal personal identity information. The More than a Number program includes a web portal and call center with educational tools and resources about identity theft protection. VA also provides all Veterans with free credit monitoring, and encourages them to actively track their credit reports to ensure no breaches have occurred.

Other cyber security initiatives the VA has undertaken include enterprise visibility that provides real-time visibility to all devices connected to its network, increased security for remote users and web application security. VA works closely with the Office of Inspector General to ensure full compliance with Federal Information Security Management Act (FISMA) requirements, and has established comprehensive plans of action for each FISMA category. They have also established a permanent project team to maintain their Continuous Readiness in Information Security Program (CRISP) to reinforce the culture of security among VA employees.

With so much focus on cyber security, one wonders what security issues still keep Warren up at night.  During our briefing, Warren answered this question revealing his biggest fear is that consumers and Veterans will lose faith in e-commerce amid the frequent reports of data breaches.

“If people stop going to the Internet because they don’t think it’s safe, all the things we’re trying to do to enable delivery of service benefits are going to be impacted. We count on that tool; it is a tremendous saver of resources.” He continued, “If the public loses confidence in whether they can safely do … digital commerce, we’ve got a serious problem because it’s been an engine of innovation and change.. We have got to get our arms around it.”


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.