Telework and teenagers don't mix

Federal officials say training and auditing are necessary to prevent IT security breaches

As lawmakers work on legislation to bolster federal telework programs, they are grappling with how to manage security threats from employees who use their home computers for government work.

Congress and the Office of Management and Budget are most worried about employees working on home computers with file-sharing software that could expose sensitive government data to millions of people.

Agencies prohibit the use of file-sharing software on government computers and on computers that employees use for official business when they are out of the office. However, employees working on home computers that they share with members of their family might not be aware of all of the programs that others have downloaded.

Teenagers are the biggest users of file-sharing software, such as LimeWire, which lets millions of users exchange music, videos and information ' including sensitive data. Even experienced information technology officials risk accidentally divulging data via peer-to-peer (P2P) file-sharing networks, experts say.

P2P networks automatically search hard drives for files that are available for sharing. If a federal teleworker saves a Microsoft Word document in the same location as files that a son or daughter is sharing on a P2P network, potentially millions of people could gain access to that file.

That's what happened earlier this year when a Transportation Department employee accidentally shared 66 government files while working on a home computer on which her teenage daughter had downloaded LimeWire. Similar situations might explain why data such as Pentagon IT blueprints and information about security clearances are easily obtained on P2P networks.

'The American people would be outraged if they understood what is inadvertently shared by government agencies on P2P networks,' said retired Gen. Wesley Clark, an adviser to Tiversa, an information security company. Clark spoke at a July 24 hearing of the House Oversight and Government Reform Committee.
At that hearing, Daniel Mintz, DOT's chief information officer, said the department has taken several steps to prevent breaches involving P2P networks. Agencies' focus must be on training and oversight, he said.

The way to prevent another incident is through training and auditing to ensure that employees follow DOT's policies, Mintz said. As an additional measure, he said, the department plans to give teleworkers laptop PCs that administrators can easily encrypt and monitor.

The threats associated with P2P networks are potentially widespread, said Stephen O'Keeffe, executive director of the Telework Exchange. More than half of federal employees in a survey published by that organization said they work from home at night or on weekends, O'Keeffe said. More than 50 percent said they used their own computers to do government work.

The culprit is not telework but inadequate training, O'Keeffe said. 'It's a cultural shift associated with the emergence in the workplace of the YouTube generation. If you are opening a backdoor to the system using LimeWire or Kazaa or whatever, you are putting the system and the network at risk. That's a training issue.'

On the day that Mintz and Clark testified about the dangers of P2P networks, OMB asked federal CIOs to review the controls they have in place to manage file-sharing software.

Telework proponents in Congress are focused on security as telework legislation moves ahead. Dan Scandling, aide to Rep. Frank Wolf (R-Va.), who is among the most vocal congressional proponents of telework, said adequate training would provide protection against threats from P2P networks.

Sen. Daniel Akaka (D-Hawaii) said agency telework policies must address the protection of sensitive information. Akaka, who supports the Senate's Telework
Enhancement Act, said agencies must give teleworkers proper security training. That bill is making its way through the Senate.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.