President Joe Biden has signed into law a bipartisan bill that would direct the Department of Veterans Affairs to secure an independent cybersecurity evaluation of its critical information systems.
In March, Reps. Frank Mrvan, D-Ind.; Nancy Mace, R-S.C.; Susie Lee, D-Nev.; and Andrew Garbarino, R-N.Y; proposed the Strengthening VA Cybersecurity Act of 2022, which will require VA to create a timeline and budget to address any weaknesses identified during the assessment.
The measure also directs the VA secretary to submit a detailed report and implementation plan to Congress within 120 days of the assessment’s release and requires the Government Accountability Office to review VA’s plan and assess whether the timelines and cost estimates are realistic.
According to a report by the Congressional Budget Office, VA will be required to select a contractor to perform cybersecurity assessments and measure the effectiveness of the department’s information security procedures under the legislation.
CBO has estimated that implementing the SVAC Act of 2022 would cost $15 million over a period of five years. The figure includes contractor payment, software and hardware needed to detect cyber vulnerabilities in the department’s networks and devices.