Telework and teenagers don't mix

Federal officials say training and auditing are necessary to prevent IT security breaches

As lawmakers work on legislation to bolster federal telework programs, they are grappling with how to manage security threats from employees who use their home computers for government work.

Congress and the Office of Management and Budget are most worried about employees working on home computers with file-sharing software that could expose sensitive government data to millions of people.

Agencies prohibit the use of file-sharing software on government computers and on computers that employees use for official business when they are out of the office. However, employees working on home computers that they share with members of their family might not be aware of all of the programs that others have downloaded.

Teenagers are the biggest users of file-sharing software, such as LimeWire, which lets millions of users exchange music, videos and information ' including sensitive data. Even experienced information technology officials risk accidentally divulging data via peer-to-peer (P2P) file-sharing networks, experts say.

P2P networks automatically search hard drives for files that are available for sharing. If a federal teleworker saves a Microsoft Word document in the same location as files that a son or daughter is sharing on a P2P network, potentially millions of people could gain access to that file.

That's what happened earlier this year when a Transportation Department employee accidentally shared 66 government files while working on a home computer on which her teenage daughter had downloaded LimeWire. Similar situations might explain why data such as Pentagon IT blueprints and information about security clearances are easily obtained on P2P networks.

'The American people would be outraged if they understood what is inadvertently shared by government agencies on P2P networks,' said retired Gen. Wesley Clark, an adviser to Tiversa, an information security company. Clark spoke at a July 24 hearing of the House Oversight and Government Reform Committee.
At that hearing, Daniel Mintz, DOT's chief information officer, said the department has taken several steps to prevent breaches involving P2P networks. Agencies' focus must be on training and oversight, he said.

The way to prevent another incident is through training and auditing to ensure that employees follow DOT's policies, Mintz said. As an additional measure, he said, the department plans to give teleworkers laptop PCs that administrators can easily encrypt and monitor.

The threats associated with P2P networks are potentially widespread, said Stephen O'Keeffe, executive director of the Telework Exchange. More than half of federal employees in a survey published by that organization said they work from home at night or on weekends, O'Keeffe said. More than 50 percent said they used their own computers to do government work.

The culprit is not telework but inadequate training, O'Keeffe said. 'It's a cultural shift associated with the emergence in the workplace of the YouTube generation. If you are opening a backdoor to the system using LimeWire or Kazaa or whatever, you are putting the system and the network at risk. That's a training issue.'

On the day that Mintz and Clark testified about the dangers of P2P networks, OMB asked federal CIOs to review the controls they have in place to manage file-sharing software.

Telework proponents in Congress are focused on security as telework legislation moves ahead. Dan Scandling, aide to Rep. Frank Wolf (R-Va.), who is among the most vocal congressional proponents of telework, said adequate training would provide protection against threats from P2P networks.

Sen. Daniel Akaka (D-Hawaii) said agency telework policies must address the protection of sensitive information. Akaka, who supports the Senate's Telework
Enhancement Act, said agencies must give teleworkers proper security training. That bill is making its way through the Senate.

About the Author

Ben Bain is a reporter for Federal Computer Week.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • Social network, census

    5 predictions for federal IT in 2017

    As the Trump team takes control, here's what the tech community can expect.

  • Rep. Gerald Connolly

    Connolly warns on workforce changes

    The ranking member of the House Oversight Committee's Government Operations panel warns that Congress will look to legislate changes to the federal workforce.

  • President Donald J. Trump delivers his inaugural address

    How will Trump lead on tech?

    The businessman turned reality star turned U.S. president clearly has mastered Twitter, but what will his administration mean for broader technology issues?

  • Login.gov moving ahead

    The bid to establish a single login for accessing government services is moving again on the last full day of the Obama presidency.

  • Shutterstock image (by Jirsak): customer care, relationship management, and leadership concept.

    Obama wraps up security clearance reforms

    In a last-minute executive order, President Obama institutes structural reforms to the security clearance process designed to create a more unified system across government agencies.

  • Shutterstock image: breached lock.

    What cyber can learn from counterterrorism

    The U.S. has to look at its experience in developing post-9/11 counterterrorism policies to inform efforts to formalize cybersecurity policies, says a senior official.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group