Cybersecurity - Federal News Network

Cybersecurity

Digital padlock icon

Ask the CIO

At VA, cyber dominance is in, cyber compliance is out

Eddie Pool, the acting principal deputy CIO, said a risk-based approach to cybersecurity ensures VA can deliver services to veterans reliably and efficiently.

Cybersecurity

Agencies, IT companies impacted by latest malware from China

Commentary

Cybersecurity in focus: DOJ aggressively investigating contractors’ cybersecurity practices

IT Modernization

Risk and Compliance 2025 Exchange: Diligent’s Jason Venner on moving beyond manual cyber compliance
Insight by Diligent

Commentary

US cyber progress isn’t stalled — it’s evolving

Commentary

How the inefficiencies of TIC 2.0 hinder agencies’ cybersecurity progress

IT Modernization

Risk & Compliance Exchange 2025: Former DOJ lawyer Sara McLean on ensuring cyber compliance under the False Claims Act

Risk and Compliance Exchange 2025 (2)

IT Modernization

Risk & Compliance Exchange: Cyber AB’s Matt Travis on scaling the CMMC ecosystem

[hbidcpodcast podcastid='5732502']

The Department of Veterans Affairs is moving toward a more operational approach to cybersecurity.

This means VA is applying a deeper focus on protecting the attack surfaces and closing off threat vectors that put veterans’ data at risk.

Eddie Pool, the acting principal assistant secretary for information and technology and acting principal deputy chief information officer at VA, said the agency is changing its cybersecurity posture to reflect a cyber dominance approach.

[caption id="attachment_5732442" align="alignright" width="340"]<img class="wp-image-5732442" src="https://federalnewsnetwork.com/wp-content/uploads/2025/12/eddie-pool-240x300.jpg" alt="" width="340" height="425" /> Eddie Pool is the acting principal assistant secretary for information and technology and acting principal deputy chief information officer at the Department of Veterans Affairs.[/caption]

“That's a move away from the traditional and an exclusively compliance based approach to cybersecurity, where we put a lot of our time resources investments in compliance based activities,” Pool said on <a href="https://federalnewsnetwork.com/category/radio-interviews/ask-the-cio/?utm_source=widget&utm_medium=web&utm_content=article&utm_term=recent_cat_posts" target="_blank" rel="noopener">Ask the CIO</a>. “For example, did someone check the box on a form? Did someone file something in the right place? We're really moving a lot of our focus over to the risk-based approach to security, pushing things like zero trust architecture, micro segmentation of our networks and really doing things that are more focused on the operational landscape. We are more focused on protecting those attack surfaces and closing off those threat vectors in the cyber space.”

A big part of this move to cyber dominance is applying the concepts that make up a zero trust architecture like micro segmentation and identity and access management.

Pool said as VA modernizes its underlying technology infrastructure, it will “bake in” these zero trust capabilities.

“Over the next several years, you're going to see that naturally evolve in terms of where we are in the maturity model path. Our approach here is not necessarily to try to map to a model. It's really to rationalize what are the highest value opportunities that those models bring, and then we prioritize on those activities first,” he said. “We're not pursuing it in a linear fashion. We are taking parts and pieces and what makes the most sense for the biggest thing for our buck right now, that's where we're putting our energy and effort.”

One of those areas that VA is focused on is rationalizing the number of tools and technologies it’s using across the department. Pool said the goal is to get down to a specific set instead of having the “31 flavors” approach.

“We're going to try to make it where you can have any flavor you want so long as it's chocolate. We are trying to get that standardized across the department,” he said. “That gives us the opportunity from a sustainment perspective that we can focus the majority of our resources on those enterprise standardized capabilities. From a security perspective, it's a far less threat landscape to have to worry about having 100 things versus having two or three things.”
<h2>The business process reengineering priority</h2>
Pool added that redundancy remains a key factor in the security and tool rationalization effort. He said VA will continue to have a diversity of products in its IT investment portfolios.

“Where we are at is we are looking at how do we build that future state architecture, as elegantly and simplistically as possible so that we can manage it more effectively, they can protect it more securely,” he said.

In addition to standardizing on technology and cyber tools and technologies, Pool said VA is bringing the same approach to business processes for enterprisewide services.

He said over the years, VA has built up a laundry list of legacy technology all with different versions and requirements to maintain.

“We've done a lot over the years in the Office of Information and Technology to really standardize on our technology platforms. Now it's time to leverage that, to really bring standard processes to the business,” he said. “What that does is that really does help us continue to put the veteran at the center of everything that we do, and it gives a very predictable, very repeatable process and expectation for veterans across the country, so that you don't have different experiences based on where you live or where you're getting your health care and from what part of the organization.”

Part of the standardization effort is that VA will expand its use of automation, particularly in processing of veterans claims.

Pool said the goal is to take more advantage of the agency’s data and use artificial intelligence to accelerate claims processing.

“The richness of the data and the standardization of our data that we're looking at and how we can eliminate as many steps in these processes as we can, where we have data to make decisions, or we can automate a lot of things that would completely eliminate what would be a paper process that is our focus,” Pool said. “We're trying to streamline IT to the point that it's as fast and as efficient, secure and accurate as possible from a VA processing perspective, and in turn, it's going to bring a decision back to the veteran a lot faster, and a decision that's ready to go on to the next step in the process.”

Many of these updates already are having an impact on VA’s business processes. The agency said that it <a href="https://news.va.gov/press-room/va-reduces-backlog-of-veterans-waiting-for-va-benefits-by-57/#:~:text=VA%20processed%20an%20all%2Dtime,benefits%2C%20from%20213%2C189%20on%20Jan." target="_blank" rel="noopener">set a new record</a> for the number of disability and pension claims processed in a single year, more than 3 million. That beat its record set in 2024 by more than 500,000.

“We're driving benefit outcomes. We're driving technology outcomes. From my perspective, everything that we do here, every product, service capability that the department provides the veteran community, it's all enabled through technology. So technology is the underpinning infrastructure, backbone to make all things happen, or where all things can fail,” Pool said. “First, on the internal side, it's about making sure that those infrastructure components are modernized. Everything's hardened. We have a reliable, highly available infrastructure to deliver those services. Then at the application level, at the actual point of delivery, IT is involved in every aspect of every challenge in the department, to again, bring the best technology experts to the table and look at how can we leverage the best technologies to simplify the business processes, whether that’s claims automation, getting veterans their mileage reimbursement earlier or by automating processes to increase the efficacy of the outcomes that we deliver, and just simplify how the veterans consume the services of VA. That's the only reason why we exist here, is to be that enabling partner to the business to make these things happen.”

IT Modernization

Risk & Compliance Exchange 2025: HCLSoftware's Mike Khusid on continuous, automated security processes
Insight by HCLSoftware

Screenshot 2025-11-20 111504

IT Modernization

Risk & Compliance Exchange 2025: ExtraHop’s Rob Mathieson on importance of network monitoring
Insight by Extrahop

A video monitor, when active, shows the threat level to the nation's infrastructure in the Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC) in Arlington, Va., Wednesday, Aug. 22, 2018. The center serves as the hub for the federal government's cyber situational awareness, incident response, and management center for any malicious cyber activity. (AP Photo/Cliff Owen)

Cybersecurity

When a cyberattack hits, breakdowns inside the organization may be as dangerous as the hackers themselves

Election 2024 New Hampshire AI Robocalls

Cybersecurity

FCC to vote on reversing cyber rules adopted after Salt Typhoon hack

Commentary

AI is solving problems it’s also creating

white house cybersecurity

Cybersecurity

Congress extends CISA 2015, but path to long-term reauthorization remains murky

Cyber Security Data Protection Business Technology Privacy conceptCyber Security Data Protection Business Technology Privacy concept.

Commentary

Merging zero trust with digital twins: The next frontier in government cyber resilience

Corporate security manager identifies a potential insider threat in a line-up of eight white collar workers. Hacker or spy icon lights up purple. Cybersecurity and human resources challenge concept.

Federal Report

How CyberCorps scholars are navigating a fractured federal job landscape

The word Zero Trust Architecture on a missing puzzle piece

Ask the CIO

Yeske helped change what complying with zero trust means

FILE - In this Aug. 3, 2020, file photo dark clouds and heavy rain sweep over the U.S. Capitol in Washington. The Congressional Budget Office says the federal budget deficit will again hit $3 trillion this year. In an updated forecast, the CBO said the deficit for the current 2021 budget year, which ends Sept. 30, 2021, will be the second largest in history but slightly lower than last year’s record deficit of $3.13 trillion. (AP Photo/J. Scott Applewhite, File)

Cybersecurity

The Congressional Budget Office was hacked. It says it has implemented new security measures

Cloud computing with hand pressing a button on a technology screen

Federal Insights

Indiana’s push toward cyber standards highlights growth of GovRAMP
Insight by GovRAMP

Cybersecurity Maturity Model Certification

Acquisition Policy

Pentagon looks to get pulse of small businesses as CMMC looms

cybersecurity

Cybersecurity

We'll take a look at what the shutdown means for the nation's cyber defenses

Holographic icon of cybersecurity and data protection on internet

Cybersecurity

Trump admin begins developing new cybersecurity strategy

Cybersecurity Water

Cybersecurity

EPA deepens work with water sector amid rising cyber concerns

1 2 3 … 444 Next »