Telework and teenagers don't mix

Federal officials say training and auditing are necessary to prevent IT security breaches

As lawmakers work on legislation to bolster federal telework programs, they are grappling with how to manage security threats from employees who use their home computers for government work.

Congress and the Office of Management and Budget are most worried about employees working on home computers with file-sharing software that could expose sensitive government data to millions of people.

Agencies prohibit the use of file-sharing software on government computers and on computers that employees use for official business when they are out of the office. However, employees working on home computers that they share with members of their family might not be aware of all of the programs that others have downloaded.

Teenagers are the biggest users of file-sharing software, such as LimeWire, which lets millions of users exchange music, videos and information ' including sensitive data. Even experienced information technology officials risk accidentally divulging data via peer-to-peer (P2P) file-sharing networks, experts say.

P2P networks automatically search hard drives for files that are available for sharing. If a federal teleworker saves a Microsoft Word document in the same location as files that a son or daughter is sharing on a P2P network, potentially millions of people could gain access to that file.

That's what happened earlier this year when a Transportation Department employee accidentally shared 66 government files while working on a home computer on which her teenage daughter had downloaded LimeWire. Similar situations might explain why data such as Pentagon IT blueprints and information about security clearances are easily obtained on P2P networks.

'The American people would be outraged if they understood what is inadvertently shared by government agencies on P2P networks,' said retired Gen. Wesley Clark, an adviser to Tiversa, an information security company. Clark spoke at a July 24 hearing of the House Oversight and Government Reform Committee.
At that hearing, Daniel Mintz, DOT's chief information officer, said the department has taken several steps to prevent breaches involving P2P networks. Agencies' focus must be on training and oversight, he said.

The way to prevent another incident is through training and auditing to ensure that employees follow DOT's policies, Mintz said. As an additional measure, he said, the department plans to give teleworkers laptop PCs that administrators can easily encrypt and monitor.

The threats associated with P2P networks are potentially widespread, said Stephen O'Keeffe, executive director of the Telework Exchange. More than half of federal employees in a survey published by that organization said they work from home at night or on weekends, O'Keeffe said. More than 50 percent said they used their own computers to do government work.

The culprit is not telework but inadequate training, O'Keeffe said. 'It's a cultural shift associated with the emergence in the workplace of the YouTube generation. If you are opening a backdoor to the system using LimeWire or Kazaa or whatever, you are putting the system and the network at risk. That's a training issue.'

On the day that Mintz and Clark testified about the dangers of P2P networks, OMB asked federal CIOs to review the controls they have in place to manage file-sharing software.

Telework proponents in Congress are focused on security as telework legislation moves ahead. Dan Scandling, aide to Rep. Frank Wolf (R-Va.), who is among the most vocal congressional proponents of telework, said adequate training would provide protection against threats from P2P networks.

Sen. Daniel Akaka (D-Hawaii) said agency telework policies must address the protection of sensitive information. Akaka, who supports the Senate's Telework
Enhancement Act, said agencies must give teleworkers proper security training. That bill is making its way through the Senate.

About the Author

Ben Bain is a reporter for Federal Computer Week.

The 2015 Federal 100

Meet 100 women and men who are doing great things in federal IT.

Featured

  • Shutterstock image (by venimo): e-learning concept image, digital content and online webinar icons.

    Can MOOCs make the grade for federal training?

    Massive open online courses can offer specialized IT instruction on a flexible schedule and on the cheap. That may not always mesh with government's preference for structure and certification, however.

  • Shutterstock image (by edel): graduation cap and diploma.

    Cybersecurity: 6 schools with the right stuff

    The federal government craves more cybersecurity professionals. These six schools are helping meet that demand.

  • Rick Holgate

    Holgate to depart ATF

    Former ACT president will take a job with Gartner, follow his spouse to Vienna, Austria.

  • Are VA techies slacking off on Yammer?

    A new IG report cites security and productivity concerns associated with employees' use of the popular online collaboration tool.

  • Shutterstock image: digital fingerprint, cyber crime.

    Exclusive: The OPM breach details you haven't seen

    An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers’ calibrated extraction of data, and the government's step-by-step response.

  • Stephen Warren

    Deputy CIO Warren exits VA

    The onetime acting CIO at Veterans Affairs will be taking over CIO duties at the Office of the Comptroller of the Currency.

  • Shutterstock image: monitoring factors of healthcare.

    DOD awards massive health records contract

    Leidos, Accenture and Cerner pull off an unexpected win of the multi-billion-dollar Defense Healthcare Management System Modernization contract, beating out the presumptive health-records leader.

  • Sweating the OPM data breach -- Illustration by Dragutin Cvijanovic

    Sweating the stolen data

    Millions of background-check records were compromised, OPM now says. Here's the jaw-dropping range of personal data that was exposed.

  • FCW magazine

    Let's talk about Alliant 2

    The General Services Administration is going to great lengths to gather feedback on its IT services GWAC. Will it make for a better acquisition vehicle?

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above