VA’s top IT security executive to retire

The Veteran Affairs Department will see more turnover in its IT department at its senior executive level.

Stan Lowe, VA’s deputy assistant secretary in the Office of Information Security, announced he’s retiring from federal service on Aug 22., after 25 years.

“Though I feel the time is right for me to step away, I know I will miss leading OIS and working with such a passionate and talented group of people. Our workforce has done an outstanding job in the face of significant adversity. In two and a half years, we have made more strides towards improving VA’s information security posture than ever before,” Lowe wrote in an email to colleagues, which Federal News Radio obtained. “These achievements have been recognized externally by our peers and internally by our customers. That is a testament to the tireless work that each of you has put in, day in and day out. I’m honored to have been a part of this great organization and to have worked alongside you all in our fight to protect Veteran information and provide secure care and benefits to America’s heroes.”

Lowe’s decision to retire comes just two days after Steph Warren, the principal deputy assistant secretary for the Office of Information and Technology, announced he’s moving on to become the CIO at the Office of the Comptroller of the Currency.

Advertisement

Lowe’s departure isn’t surprising. There have been rumors since last September that he was looking for a new position in government or industry. But his decision to retire soon after Warren found a new government position indicates new VA CIO LaVerne Council, who has been in her position for less than a month, wants to reshape the staff to her liking. Sources say other executives could be on the way out or reassigned as well in the near future.

Lowe came to VA in 2011 as the deputy director of the interagency program office and became chief information security officer in 2013. Before coming to VA, Lowe was the CIO at the Federal Trade Commission and was the chief of the information security and training branch at the Department of Interior’s Bureau of Land Management. Lowe also worked as the security director for the Inspector General of the Postal Service.

In the role of deputy assistant security for IT security at VA, Lowe oversaw the agency’s security operations and helped implement new tools and services, including the Homeland Security Department’s EINSTEIN 3A tool.

VA, like most agencies, faces a never-ending threat from cyber attacks. The agency reported in May it faced about 1 billion attempts to penetrate their network and other malicious attacks a month.

At the same time, Lowe and Warren were at the center of ongoing concerns by House lawmakers and agency auditors about how well the agency is protecting the data of millions of veterans.

The VA inspector general reported earlier this year that the agency failed its Federal Information Security Management Act audit for the 16th year in a row. This was another in a long-string of IG reports highlighting cyber concerns.

Meanwhile, the House Veterans Affairs Committee has been pressing VA to do more to fix its cyber challenges after about nine nation state intrusions became public in 2013.

It’s not clear who will replace Lowe as head of VA security. Warren brought in Dan Galick, the associate deputy assistant secretary for security operations, in May to be the operational security manager, overseeing the information security officers around the country at VA facilities, the security operations center and running a team under the Continuous Readiness in Information Security Program (CRISP) to work directly with field offices on operational security challenges.