The Veterans Affairs Department must find a way to allow VA doctors and other field employees to use iPads and other popular electronic devices or those employees will use the devices anyway and find a way to work around VA procedures, the department's chief information officer told a conference audience Wednesday.
The department now prohibits using the devices for anything that touches veterans' personal information, for fear that Apple's encryption isn't up to snuff and the information could too easily be stolen by a cyber thief.
"I've told my folks I don't want to say 'no' to those devices anymore," CIO Roger Baker said. "I want to know how I say yes."
"Because the [two] big thing[s] you can guarantee for the 100,000 medical residents a year that come in to do training at the VA," Baker said, "is that they're carrying a mobile device and they know where all those great Internet websites are that would help them do their jobs better if only that dumb CIO back in Washington wouldn't insist on crazy rules like veterans' information must be encrypted."
Baker was speaking at a conference on federal information technology sponsored by TechAmerica, an industry group.
Baker's office has launched a pilot program, handing out iPads to a few select employees to be used in situations where security can be looser.
That program is aimed at ensuring the department is sufficiently familiar with the devices by the time security concerns are worked out. One participant is VA Deputy Secretary W. Scott Gould, Baker said.
Baker learned the importance of security practices early during his time at VA, he said, when his chief security officer forced him to stop using a Kindle to read office PDFs during his train commute home.
"That's one huge unencrypted USB stick with no pin," Baker said she told him.
"And that's how you have to think of it," he added later. "If it won't go on a device where you're willing to put all your banking information, your pins, your passwords, [then] don't put veterans' information on it."