VA Names New IT Security Chief


VA official Brian Burns is stepping into the CISO role.

The Department of Veterans Affairs has named a new chief information security officer to manage the implementation of a departmentwide strategy designed to close longstanding cyber vulnerabilities.

VA official Brian Burns is stepping into the CISO role, according to a Nov. 6 email from Chief Information Officer LaVerne Council.

Burns will also continue to serve as deputy director of VA’s Interagency Program Office, which oversees efforts to achieve interoperability between VA and Defense Department electronic health records.

Agency watchdogs have called out VA’s handling of information security practices as a "material weakness" for the past 16 years. The agency, which routinely battles millions of malware and intrusion attempts every month, disclosed in 2013 that external espionage groups had successfully infiltrated its networks, although an independent report from the cyber firm Mandiant concluded no data theft had taken place.

A key aim of the department’s new enterprise cybersecurity strategy, which Council submitted to Congress in September, is to address some of those underlying security flaws.

Burns’ “leadership and expertise will be needed as we make a strong push to eliminate our material weakness and secure our employees’ and veterans’ data,” Council said in the email announcing the staff move.

FCW first reported Burns’ appointment. Dan Galik had been serving as acting CISO since August when Stan Lowe retired after about two years on the job.

(Image via voyager624/