Telework tool: A DOD innovation goes wide

Technology could help compliance with telework legislation

Agencies could soon find themselves managing more teleworkers: The Senate passed a bill Sept. 30 setting a deadline for determining employees’ eligibility to telework.

Although the bill still has a few hurdles before it becomes law, its chances are good. Managers who are concerned about allowing secure access to employees who aren’t using agency-issued computers have a tool available already, courtesy of the Air Force Research Laboratory.

The Telework Improvements Act of 2010 (H.R. 1722), currently awaiting a House compromise after the Senate’s passage, would give agencies 180 days to determine the eligibility of all employees to telework, establish telework policies and include telework as part of continuity-of-operations plans.

COOP was a concern of the Air Force lab’s Defense Research and Engineering in 2009, when the H1N1 flu pandemic raised the possibility of employees having to work from home. The lab was looking for an inexpensive way to ensure endpoint security.

“The challenge is to enable telework for workers at home without buying them a computer,” said Richard Kutter, a senior electronics engineer at the lab.

The lab developed a bootable CD using Lightweight Portable Security, an inexpensive, easy-to-use tool that had been available in a public edition since 2008. LPS uses open-source software and works with most Windows, Mac and Linux computers to create a nonpersistent, trusted end node for secure browsing, cloud computing or network access.

The Defense Department Office of the Chief Information Officer approved LPS-Remote Access in December 2009 for COOP. More than 30 DOD organizations, with more than 58,000 employees, have adopted it since. A free public version, LPS-Public, has been downloaded more than 35,000 times.

LPS boots a Linux operating system from a live CD and installs nothing on the client computer, running only in RAM to bypass any local malware and leave no record of the session. Its footprint is small, taking up only 124M and requiring only a Pentium II or later processor and 384M of RAM.

Another version of LPS-Remote Access is being developed for the U.S. Cyber Command, recently established at Fort Meade, Md.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

The 2014 Federal 100

Get to know the 100 women and men honored this year for going above and beyond in federal IT.

Reader comments

Tue, Oct 26, 2010

There is 1 DoD agency - DISA - that is doing telework to the fullest extent. It is a great model for what all of the Government should be doing.

Wed, Oct 6, 2010 sweerek WPAFB

LPS is called "lightwieght" for many reasons, one being the level of security. LPS only provides security from the kernel on up and in writeable memory. All below the kernel (hardware, BIOS, firmware, etc.) is untrusted. This is supplemented by its bypassing of any resident malware and non-persistance -- the harddrive is not touched and everything remains in RAM. The ATSPI Technology Office offer "heavier" trusted solutions the extend trust down to hardware levels.

Wed, Oct 6, 2010 bwhunan Washington DC

A bootable CD, while an interesting solution, assumes the hardware it is being run on is trusted. A bootable CD does not alleviate security concerns regarding hardware vulnerabilities.

Wed, Oct 6, 2010 sweerek WPAFB

LPS boots without CAC authenication. LPS contains many, layered security measures with LPS-Remote Access having the strongest measures. Both were built per ATSPI's 3 Tenets of Cyber Security. CAC authentication occurs on the server side in order to access restricted content... just like all(?) DoD websites and VPNs.

Wed, Oct 6, 2010 sweerek WPAFB

LPS was created and is supported by SPI. The Air Force Research Laboratory’s ATSPI Technology Office (AFRL/RYT) manages the Director Defense Research and Engineering’s (DDR&E) DoD Software Protection Initiative (SPI). SPI is a Government organization.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above