Rep. Nancy Mace (R-S.C.), along with Chairman of the House Committee on Veterans' Affairs' Subcommittee on Technology Modernization Rep. Frank J. Mrvan (D-IN), Rep. Susie Lee (D-NV), and Rep. Andrew Garbarino (R-NY), today introduced the bipartisan Strengthening VA Cybersecurity (SVAC) Act of 2022. The purpose of this legislation is to strengthen cybersecurity at the Department of Veterans Affairs (VA) and protect information technology systems and devices used at VA.
Specifically, the SVAC Act of 2022 requires VA to obtain an independent cybersecurity assessment of its most critical information systems, as well as its cybersecurity posture as a whole. It also requires VA to develop a timeline and budget to fix any weaknesses and deficiencies identified by the report.
A companion measure has been introduced in the Senate by U.S. Senators Jacky Rosen (D-NV) and Marsha Blackburn (R-TN).
“Given Russia's recent aggression and invasion of Ukraine, it is more important than ever that we shore up America's critical cybersecurity, including proactively protecting the healthcare of our veterans against possible cyber attacks from Russia,” said Rep. Nancy Mace.
The Representatives say the SVAC Act of 2022 will:
- Protect against advanced cybersecurity threats, ransomware, denial of service attacks, insider threats, threats from foreign actors, phishing, credential theft and other cyber threats;
- Ensure that the entire Department's IT is covered—including on-premises, remote, cloud-based, and mobile information systems and devices used by, or in support of, Department activities;
- Require the Secretary to submit a detailed report and plan of implementation to Congress within 120 days of the independent assessment; and
- Require the GAO to review VA's plan and evaluate if the cost estimates and timelines are realistic.
For additional information on this legislation, click here.