Policy Visualization

Bill Overview

Title: Strengthening VA Cybersecurity Act of 2022

Description: This bill requires the Department of Veterans Affairs (VA) to enter into an agreement with a federally funded research and development center to provide a cybersecurity assessment of at least 3, but no more than 10, high-impact VA information systems and the effectiveness of the VA's information security program and information security management system. The VA must submit a plan to Congress to address the findings of the assessment. The Government Accountability Office must review the assessment and the VA's response to the assessment and report its findings to Congress.

Sponsors: Sen. Rosen, Jacky [D-NV]

Target Audience

Population: People who are U.S. military veterans

Estimated Size: 19000000

The VA is responsible for providing healthcare and benefits to U.S. military veterans.
The cybersecurity measures in VA information systems directly affect the security and privacy of veteran data, including medical records and personal information.
According to recent statistics, there are approximately 19 million veterans in the United States.
While not all veterans actively use VA services, a significant portion do, especially those reliant on VA healthcare, which includes over 9 million enrolled veterans annually.
The bill aims to protect the data of veterans who interact with the VA's digital systems.

Reasoning

The policy addresses cybersecurity risks for VA systems, which are critical as they manage sensitive data for around 19 million U.S. veterans.
The budget of $25,000,000 in year one and $397,500,000 over ten years allows for comprehensive assessment and improvements across selected systems.
The policy primarily impacts veterans who use VA services, especially those relying on VA healthcare and interacting with online systems.
Some veterans may not perceive a direct impact on their day-to-day wellbeing associated specifically with cybersecurity measures, even if the measures contribute to overall security and trust.
The benefits of improved cybersecurity will be greater for veterans who actively use the VA's electronic systems for health records, appointments, etc., due to the protection of their personal information.

Simulated Interviews

retired military (Texas)

Age: 68 | Gender: male

Wellbeing Before Policy: 6

Duration of Impact: 10.0 years

Commonness: 10/20

Statement of Opinion:

I am glad the VA is strengthening its cybersecurity. I often worry about the safety of my medical records.
Although I won't notice immediate changes, knowing my information is safer makes me feel more at ease.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	7	6
Year 2	7	6
Year 3	7	5
Year 5	8	5
Year 10	8	4
Year 20	8	4

IT specialist (Washington D.C.)

Age: 34 | Gender: female

Wellbeing Before Policy: 7

Duration of Impact: 5.0 years

Commonness: 8/20

Statement of Opinion:

In my field, cybersecurity is crucial, and it's good to see the VA prioritizing it.
Personally, I think it enhances trust in VA systems, even though I don't use them regularly.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	7	7
Year 2	7	7
Year 3	7	7
Year 5	7	6
Year 10	7	6
Year 20	7	6

Veteran Affairs counselor (Florida)

Age: 50 | Gender: male

Wellbeing Before Policy: 7

Duration of Impact: 10.0 years

Commonness: 12/20

Statement of Opinion:

Many of the veterans I help worry about their information being compromised. This policy should alleviate some of those fears.
I believe it'll help increase the confidence veterans have in our systems.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	8	7
Year 2	8	6
Year 3	8	6
Year 5	8	5
Year 10	9	5
Year 20	9	4

retired nurse (New York)

Age: 74 | Gender: female

Wellbeing Before Policy: 6

Duration of Impact: 3.0 years

Commonness: 7/20

Statement of Opinion:

I feel more protected, but since I don't use a lot of online services, it seems less urgent for me personally.
Hopefully, younger veterans benefit more from these improvements.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	6	6
Year 2	7	6
Year 3	7	6
Year 5	7	6
Year 10	7	6
Year 20	7	5

entrepreneur (California)

Age: 47 | Gender: male

Wellbeing Before Policy: 7

Duration of Impact: 0.0 years

Commonness: 9/20

Statement of Opinion:

The policy sounds good in theory, but it won't affect me much as I don't use VA services frequently.
For others who depend on it daily, I see how it could be beneficial.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	7	7
Year 2	7	7
Year 3	7	7
Year 5	7	7
Year 10	7	7
Year 20	7	7

student (North Carolina)

Age: 29 | Gender: female

Wellbeing Before Policy: 8

Duration of Impact: 8.0 years

Commonness: 13/20

Statement of Opinion:

Enhanced cybersecurity is a step in the right direction, especially given recent data breaches.
It shows the VA is modernizing, which is reassuring for younger vets like me.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	8	8
Year 2	8	8
Year 3	9	8
Year 5	9	7
Year 10	9	7
Year 20	9	6

retired (Ohio)

Age: 82 | Gender: male

Wellbeing Before Policy: 5

Duration of Impact: 0.0 years

Commonness: 5/20

Statement of Opinion:

I appreciate efforts to protect my information, but it doesn't change much for me personally.
My interactions are primarily in-person or via phone.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	5	5
Year 2	5	5
Year 3	5	5
Year 5	5	5
Year 10	5	5
Year 20	5	5

software developer (Illinois)

Age: 41 | Gender: other

Wellbeing Before Policy: 6

Duration of Impact: 10.0 years

Commonness: 11/20

Statement of Opinion:

As someone in IT, I see the necessity of such policies amidst growing cyber threats.
It's comforting that the VA is taking proactive measures to protect our data.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	7	6
Year 2	8	5
Year 3	8	5
Year 5	8	4
Year 10	9	4
Year 20	9	3

nurse (Georgia)

Age: 54 | Gender: female

Wellbeing Before Policy: 7

Duration of Impact: 10.0 years

Commonness: 10/20

Statement of Opinion:

Considering my role, improved cybersecurity is crucial for operational integrity and patient trust.
This policy might increase delays initially but should be beneficial in the long run.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	7	7
Year 2	8	6
Year 3	8	6
Year 5	9	5
Year 10	9	5
Year 20	9	5

engineering student (Virginia)

Age: 25 | Gender: male

Wellbeing Before Policy: 8

Duration of Impact: 8.0 years

Commonness: 15/20

Statement of Opinion:

Security is paramount, and cybersecurity upgrades are very relevant to younger veterans who are tech-savvy.
It's a positive move that may make the VA more efficient and secure.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	8	8
Year 2	9	8
Year 3	9	8
Year 5	9	7
Year 10	9	7
Year 20	9	7

Cost Estimates

Year 1: $25000000 (Low: $20000000, High: $30000000)

Year 2: $30000000 (Low: $25000000, High: $35000000)

Year 3: $35000000 (Low: $30000000, High: $40000000)

Year 5: $40000000 (Low: $35000000, High: $45000000)

Year 10: $50000000 (Low: $45000000, High: $55000000)

Year 100: $50000000 (Low: $45000000, High: $55000000)

Key Considerations

Ensuring the protection of veteran data is a top priority, considering recent increases in cyber threats.
Coordination between VA, federally funded centers, and GAO to ensure timely and cost-effective implementation of the plan.
The choice of systems and scope of assessments must be strategic to ensure the most effective use of funds and focus on high-impact areas.