Balancing Net access and risk
The recent survey of federal agencies by the Computer Security Institute and the FBI confirms what many observers suspected: Unauthorized use of computer systems is rising. Other interesting information gleaned from the survey includes the fact that system misuse in the government is greater than figures reported for the private sector and that a huge proportion of the misuse comes from internal abuse of Internet privileges.
The larger number of attacks on government computers may just be a difference in reporting. The government can be compelled to acknowledge attacks that private companies choose not to reveal. It may also be a reflection of the money that private companies have to spend on security measures. Too often in the government we are told security measures are cut when budgets grow thin.
The unauthorized-use question presents more troubling issues. Some agencies are looking at software solutions to limit Internet access to sites that are work-related or to shut out sites that are clearly inappropriate. Agencies followed a similar approach several years ago when they made it impossible to call 900 numbers from federal telephones.
The Internet however has quickly become an important tool for many federal employees. When NASA suggested that new security measures might limit access to the Net the reaction from users was instantaneous and strong.
The Internet offers enormous access to information but striking a balance between the needs of the agency and the needs of the employee will require careful policy development.