VA 3 Years Late in Granting Infosec Ed Aid

Law Enacted in 2006, First Payment Not Expected Until 2011
VA 3 Years Late in Granting Infosec Ed Aid
Three years after Congress established an educational assistance program for information security at the Department of Veterans Affairs, the VA has not begun to award scholarships or offer and disburse loan repayments under provisions of the Veterans Benefits, Health Care, and Information Technology Act of 2006, the GAO said in a letter issued Friday.

The Government Accountability Office said the initial grant of aid isn't expected until 2011, at least four years after enactment of the legislation.

The letter, addressed to the chairmen and ranking Republicans on the Senate and House Veterans Affairs Committees, said the VA has taken some steps to implement the Information Security Education Assistance Program.

Since 2006, GAO said, the VA has drafted governing regulations, which are being reviewed internally, and has developed a budget impact analysis. After the department's internal review is completed, several additional steps are planned before the regulations are issued, including review by the Office of Management and Budget and a public comment period. Department officials anticipate that the debt-reduction portion of the program will begin, and the first scholarship candidates will be selected, during 2011, GAO said.

The catalyst for the legislation was the May 2006 IT security breach involving a stolen hard drive that contained the personal data on millions of veterans and their dependents, highlighting the seriousness of VA's IT security.

The act authorizes the VA secretary to establish an education assistance program for doctoral students in computer science and computer and electrical engineering to strengthen VA's ability to recruit and retain individuals who have necessary information security skills. The program is to have two parts: a debt-reduction program for VA employees who have recently earned doctoral degrees, and a scholarship program for qualified individuals who must agree to work for the agency on completion of their academic programs.

The agency is authorized to repay up to $16,500 of student loan debt each year for qualified employees up to a total of five years and $82,500. Doctoral students may receive full tuition scholarships plus a monthly stipend for up to five years, not to exceed a total of $200,000. The program expires on July 31, 2017.

VA officials told GAO that, if funds are available, the agency will announce the program and begin seeking candidates in January 2011 for the debt reduction and scholarship components of the program. More time will elapse before any scholarship candidates receive doctoral degrees and are able to apply that educational experience to VA's information security needs.

According to a footnote in the letter, the earliest date to hire a doctoral program graduate who receives a scholarship might be around January 2012. This date assumes that VA selects a graduate at the program's start in January 2011 who is in the last year of doctoral study. A candidate just starting a doctoral program might take considerably longer. For example, Carnegie Mellon University suggests it may take six years to complete a Ph.D. in computer science and the University of Texas, Austin, estimates three to five years.

VA has drafted an impact analysis that estimates the costs for the program and has identified two current staff members who may be eligible for debt repayments. In its impact analysis, VA estimates that the program will cost at least $217,000 by 2015, based on a survey which suggests that the department will have one candidate for the scholarship program and three candidates for the debt reduction program within the next 5 five years. According to VA officials, no funds were allocated to the program in the department's fiscal year 2010 budget.

VA officials told GAO they reviewed the report, and had no comment.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.