Roger Baker, Chief Information Officer & Assistant Secretary for Information and Technology, Department of Veterans Affairs discusses cybersecurity on FedScoopTV.
Why is cyberSecurity such an important part of your organization’s technology priorities?
“The VA holds the personal private information and private health information of about 25 million people … That clearly is a significant piece we need to protect, and it’s something we live everyday inside the VA … Unfortunately, we have a history of not having done a great job of protecting that. We have strengthened that incredibly in the last few years, but with that history, we’re under constant scrutiny. We’re addressing that by being as transparent as we possibly can and as good as we possibly can at protecting that information. We’re trying to set the standard these days for being great in information protection and information privacy.”
Are there security concerns with the rapid adoption of cloud computing in agencies?
“There are security concerns with any technology that you take on, so I look at cloud from that perspective. It’s easy for me at VA, but I think its the mantra that any CIO needs to live by, which is the one thing I cannot give up is the responsibility for the privacy and the protection of the information. So if we put it into the cloud, I have to verify that the protections are adequate for the work that we’re doing. They certainly can be. There’s no difference to me between a cloud implementation and an in-house data center implementation from that perspective. But as long as you recognize that you don’t give up that responsibility. That as the CIO you own the responsibility for the protection that information, then I think you’ll do the right things in moving to cloud or outsourced data centers or any other technology that’s available for us to use in reducing costs and improving services.”
What’s next for cybersecurity? How will innovation change how we manager cyber threats over the next few years?
“We’re clearly on a continued path. If you think of it as a treadmill, somebody keeps pushing the button and increasing the speed … We’re just running faster and faster. We’re in an environment where the threats continually get more sophisticated. … When I first started focusing on cybersecurity in the latest ’80s, the threats then were absolutely miniscule compared to what they are at this point. My focus is on ‘how do you get great at cybersecurity?’ How do you get to the point where it’s a lot easier to attack someone else than my enterprise? … We’ve got to be at the point where we can protect ourselves from both hackers and nation-state attacks, because we are the federal government and that’s going to occur. It’s a continued drumbeat. We have to get better at it.”