VA Releases New Strategy to Protect Veteran Data
A new cybersecurity strategy, recently unveiled by the Department of Veteran Affairs, is designed to better protect veterans' personal data.
Timed to coincide with Veterans Day, the Department of Veterans Affairs this month rolled out a new cybersecurity strategy aiming to better secure veterans' data.
The new guidance comes a few weeks after the VA partnered with the Cybercrime Support Network, a nonprofit collaboration, to better educate veterans on how to strengthen their online security habits.
The 20-page strategy includes five strategic goals:
- Secure and protect VA and Veteran information
- Protect information systems and assets
- Leverage innovation to strengthen cybersecurity
- Enhance cybersecurity through partnerships and information sharing
- Empower VA mission through cybersecurity risk management
One thing the VA's first goal hopes to achieve is to make it so systems in which veteran data is stored are better secured and monitored. This includes identifying and tagging data, ensuring its protected it at rest and in transit and taking steps to mitigate data loss, either through unauthorized access, spillage, or data exfiltration.
Other elements of the new strategy include reducing the VA's exposure in high-risk areas, facilitating partnerships between other agencies for cybersecurity awareness, and increasing the visibiity and accountability of the VA's hardware/software assets and information systems.
According to the VA, identifying controlled data that needs to be protected, encrypting it and better securing how its transferred, i.e. ports and protocols, is critical, especially as the popularity of telehealth continues.
The new strategy is designed to better safeguard veterans’ data but also help instill servicemembers’ confidence in the VA itself.
“The Veteran experience includes the safeguarding of their information and the protection of the systems that store, process, and transmit data. A compromise could lead to fraudulent activities, exposure of Veteran’s personal information, or the corruption of critical data,” reads part of the new strategy, “More importantly, poor cybersecurity practices will erode the Veteran’s confidence in VA.”
This reduced confidence is driven by a spate of cyberattacks over the last several years but also because veterans are regularly targeted by hackers in identity theft scams. According to the VA, the FTC recorded more than 41,000 incidents of Veteran fraud and identity theft in 2020.
Last month a former Army contractor was sentenced to 151 months in prison after he plead guilty to his role in a conspiracy that resulted in $1.5 million in losses. As part of the campaign, the contractor, Fredrick Brown, stole personally identifiable information belonging to 3,300 Veterans, including names, Social Security numbers, military ID numbers, dates of birth, and contact information.
While Brown's activity occurred years ago, from July 2014 and September 2015, it's still indicative of the levels some are willing to go in order to defraud veterans.
A new AARP report, released this month, found that veterans, military, and their families are roughly 40% more likely to lose money to scams and fraud than the civilian population.