VA Sets Up New Office to Support Information Security Readiness

Published: May 12, 2015

CybersecurityVA

On the heels of more than one billion attempts to plant malware on its networks and almost 360 million network intrusion attempts, VA announced a new program office to ramp up cybersecurity readiness.

Earlier this week, FedScoop reported that the VA had awarded a new $50M contract to support its Continuous Readiness in Information Security Program (CRISP).  In addition, VA has named a senior information security office to head the new CRISP program management office.

ASM Research, a wholly owned subsidiary of Accenture Federal Services, will provide CRISP Support Services to VA under a T4 contract task order awarded in April.

Stephen Warren, VA CIO, named Dan Galik to lead the new CRISP program management office in an internal memo in March. Galik currently oversees the VA Network and Security Operations Center and has held senior security posts at HHS, IRS, NRC and DISA. 

In an interview with FedScoop Galick said, “One of my goals is to instill a sense of urgency,” with reference to VA’s security processes.  Galik wants to mimic work done at the State Department in establishing security scorecards for its embassies.  He would like to develop a security dashboard for the 150 VA medical centers, as well as all VBA regional offices. Galik’s hope is to establish a reporting mechanism that is understandable by VA leadership at each location.   “I have to make this complex area understandable,” stated Galik. One of the CRISP program’s objectives is to arm local security managers with information and metrics regarding their own security position, and give them the ability to easily respond to senior official inquiries.

The challenge is to establish a security posture that doesn’t inhibit or infringe on patient care.  “We don’t want to lock down too much to a degree where they impact patient safety and patient car.  So we always have a proper risk management trade-off,” said Galik.