Rosen Testifies at House Veterans Affairs’ Subcommittee in Support of Her Bipartisan Bill to Strengthen VA Cybersecurity


WASHINGTON, DC – Today, U.S. Senator Jacky Rosen (D-NV), testified before the House of Representatives’ Veterans’ Affairs Subcommittee on Technology Modernization in support of her bipartisan, bicameral Strengthening VA Cybersecurity Act, which would require the Secretary of Veterans Affairs (VA) to obtain an independent cybersecurity assessment of VA information systems and submit to Congress a plan to address the cybersecurity weaknesses found in the assessment. This legislation was introduced in the House by Representative Frank Mrvan (D-IN), Chairman of the House Veterans’ Affairs Subcommittee on Technology Modernization, alongside Reps. Susie Lee (D-NV), Nancy Mace (R-SC), and Andrew Garbarino (R-NY). Rosen introduced her Senate bill alongside Senator Marsha Blackburn (R-TN).

Below is Senator Rosen’s testimony, as delivered: 

Chairman Mrvan, Ranking Member Banks, distinguished members of the Subcommittee on Technology Modernization; I appreciate the opportunity to speak on this bicameral legislation.

A few months ago, the Administration and our intelligence community warned that Russia is exploring options for cyberattacks targeting the United States. 

Last year, a Russia-linked cybercrime group held the largest fuel pipeline in the U.S. hostage.

The year before that, we saw the SolarWinds attack on the networks of multiple government agencies and private companies – which some experts call the greatest act of cyber espionage in history. 

Cyberattacks against the U.S. are increasing in scope and severity. They target our government institutions, private businesses, schools, hospitals, and critical infrastructure.

And just last week, it was announced by the FBI that they prevented a cyberattack last summer aimed at disrupting the network at Boston Children’s Hospital. 

The hackers behind this attempt were reportedly sponsored by the Iranian government.

We cannot afford to look at cyber attacks simply as a hypothetical anymore. They are a certainty, a very real and recurring threat against our country, our safety, and our security.

In light of these devastating attacks and ongoing threats, we must take proactive steps to enhance our nation’s cybersecurity.

As you all know, the Department of Veterans Affairs is the largest integrated health care network in our country. 

However, the VA spends less – as a percentage of its overall budget – on cybersecurity than any other federal agency. 

The VA is vulnerable. It is a target of cybercriminals, and we are leaving the cyber front door unlocked. 

Our veterans’ data is of great interest to our adversaries, and can be used for financial gain and other types of exploitation — we saw this during the VA data breach in 2020. 

We cannot allow our veterans – those who put their lives on the line to protect our country – to remain unprotected from cyberattacks.

Under current law, the Federal Information Security Modernization Act requires federal agencies to report the yearly status of their information security programs.

While this is useful, this yearly audit has become just another “check-the-box” exercise. It fails to take the threat of cyberattacks seriously, and at the level we believe we need to.

That’s why Chairman Mrvan and I are leading the bipartisan Strengthening VA Cybersecurity Act. This supplements our current efforts to understand the VA’s cyber vulnerabilities and ensure that we protect our veterans’ personal information from malicious cyberattacks. 

This bill would require the Department of Veterans Affairs to obtain an independent cybersecurity assessment from federally funded research and development centers, and submit a plan to Congress to address whatever cybersecurity weaknesses are found.

Our bill has been endorsed by AMVETS and the Paralyzed Veterans of America, and the support continues to build.

I want to commend the HVAC Subcommittee on Technology Modernization for holding this incredibly important hearing, and for taking steps to move the Strengthening VA Cybersecurity Act forward. 

I also want to take a moment to thank Senator Marsha Blackburn, and Representatives Susie Lee, Nancy Mace, and Andrew Garbarino for joining the Chairman and me in co-leading this critical, bipartisan legislation.

We cannot wait another moment to act, and I really look forward to working with my colleagues in the Senate, the members of this committee, and the Department to fortify the cybersecurity of the VA and protect those who’ve sacrificed so much for our nation.

Thank you.