The Veterans Affairs Department experienced a significant surge in cyberthreats in March, Chief Information Officer Stephen Warren said during a Thursday call with reporters.
The department blocked 1.19 billion malware instances and 358 million intrusion attempts into VA systems in March alone, Warren said. This number is up since February, when VA reported blocking 930 million malware instances and 4.3 million intrusion attempts.
If the volume of threats continues to ramp up, Warren said, “any agency will run into the point where we may get overwhelmed.” He added later, “Nothing I do will reduce what’s coming at me one bit.”
Instead, he said, VA will need to scale its cybersecurity to prevent what could be an exponential increase in threats. He said the department has been strengthening its continuous monitoring technology, reinforcing external network connections, and beefing up security training.
When asked about the motivations behind the threats, Warren said his team doesn’t segment threats by cause, focusing instead on withstanding the volume of threats when they come in.
“It is across the board,” he said. “There doesn’t appear to be any disincentive for an individual or an organization “¦ to come after the VA as well as other organizations for data.”
Though he didn’t propose a solution to the problem, Warren said during the call that an expanded cybersecurity budget, as well as a more generous operational budget, might help VA manage an influx of cyberthreats.
Warren noted that he has shared information about the volume of threats with the Office of Management and Budget and says he hopes other agencies will be up front about the threats they face.
“We need to figure out, ‘How do we take this on together as a society?’” Warren said.