Tech

VA reports massive spike in cyber threats targeting agency

With more than a billion instances of malicious code blocked last month, officials fear the agency may eventually be overwhelmed.

By Dan Verton

May 1, 2015

The Department of Veterans Affairs blocked more than a billion pieces of malicious software and nearly 358 million network intrusion attempts last month — a massive increase in the volume of attacks targeting VA that could eventually overwhelm the agency’s ability to effectively defend itself.

The volume of malware reported in VA’s Information Security Monthly Activity Report for March represents an 83 percent increase over the last six months. Likewise, the number of intrusion attempts recorded in March represents a 29-fold increase from six months ago. In October 2014, the agency reported slightly more than 206 million instances of malicious code and about 12 million intrusion attempts.

In a monthly call with reporters, VA Chief Information Officer Stephen Warren said if the volume of attacks continues to increase at this rate the agency could eventually be overwhelmed. “If you plot that chart out … we’re on an exponential growth rate,” Warren said. “At some point, if we’re not able to knock this back … I think any agency will run into the point where we may get overwhelmed.”

To put the volume in context, Warren said VA blocks or contains 45 pieces of malware every second of every day. “If something doesn’t happen outside the VA … that’s bringing the volume, the rate of increase and the intensity [down], I don’t know who can withstand something like that,” Warren said. “It is extreme.”

But Warren also said his counterparts across government are seeing similar increases in threat volumes. “It is across the board,” he said. “There doesn’t appear to be any disincentive for an individual or an organization … to come after the VA as well as other organizations for data.”

Warren called on Congress to devise “better disincentives” for cyber criminals to continue increasing the volume of attacks. He also said he shared the March data with the Office of Management and Budget in an effort to start a broader conversation about the volume of attacks agencies are dealing with. “We need to figure out how do we take this on together as a society,” he said.

(VA)

VA reports massive spike in cyber threats targeting agency

More Like This

CISA’s chief data officer: Bias in AI models won’t be the same for every agency

Cybersecurity executive order requirements are nearly complete, GAO says

How Google Cloud AI and Assured Workloads can enhance public sector security, compliance and service delivery at scale

Top Stories

DOJ seeks public input on AI use in criminal justice system

GSA taps Login.gov deputy director to take top role next month

Scientists must be empowered — not replaced — by AI, report to White House argues

404 page: the error sites of federal agencies

White House hopeful ‘more maturity’ of data collection will improve AI inventories

Generative AI could raise questions for federal records laws

Oracle approved to handle government secret-level data

More Scoops

VA’s new artificial intelligence centers will focus on iteration in AI testing process, agency official says

VA stands to improve payment process for controversial EHR contract, watchdog reports

House appropriators propose $1.9B for VA electronic health record in 2024

VA special salary rate for tech and cybersecurity staff takes effect

Federal courts exploring breach and attack simulation for cyber threats

VA and Oracle Cerner reach agreement on electronic health record contract extension

VA Secretary warns budget cap could hit agency’s telehealth and cyber programs

Latest Podcasts

VA reports massive spike in cyber threats targeting agency

DOD’s Ashley Elizabeth Evans on effectively implementing AI

DHS’ Chris Kraft on emerging trends in AI and automation

IRS’ Danny Werfel discusses automation’s impact

Tech

Defense

Cyber

Acquisition