Telework and teenagers don't mix

Federal officials say training and auditing are necessary to prevent IT security breaches

As lawmakers work on legislation to bolster federal telework programs, they are grappling with how to manage security threats from employees who use their home computers for government work.

Congress and the Office of Management and Budget are most worried about employees working on home computers with file-sharing software that could expose sensitive government data to millions of people.

Agencies prohibit the use of file-sharing software on government computers and on computers that employees use for official business when they are out of the office. However, employees working on home computers that they share with members of their family might not be aware of all of the programs that others have downloaded.

Teenagers are the biggest users of file-sharing software, such as LimeWire, which lets millions of users exchange music, videos and information ' including sensitive data. Even experienced information technology officials risk accidentally divulging data via peer-to-peer (P2P) file-sharing networks, experts say.

P2P networks automatically search hard drives for files that are available for sharing. If a federal teleworker saves a Microsoft Word document in the same location as files that a son or daughter is sharing on a P2P network, potentially millions of people could gain access to that file.

That's what happened earlier this year when a Transportation Department employee accidentally shared 66 government files while working on a home computer on which her teenage daughter had downloaded LimeWire. Similar situations might explain why data such as Pentagon IT blueprints and information about security clearances are easily obtained on P2P networks.

'The American people would be outraged if they understood what is inadvertently shared by government agencies on P2P networks,' said retired Gen. Wesley Clark, an adviser to Tiversa, an information security company. Clark spoke at a July 24 hearing of the House Oversight and Government Reform Committee.
At that hearing, Daniel Mintz, DOT's chief information officer, said the department has taken several steps to prevent breaches involving P2P networks. Agencies' focus must be on training and oversight, he said.

The way to prevent another incident is through training and auditing to ensure that employees follow DOT's policies, Mintz said. As an additional measure, he said, the department plans to give teleworkers laptop PCs that administrators can easily encrypt and monitor.

The threats associated with P2P networks are potentially widespread, said Stephen O'Keeffe, executive director of the Telework Exchange. More than half of federal employees in a survey published by that organization said they work from home at night or on weekends, O'Keeffe said. More than 50 percent said they used their own computers to do government work.

The culprit is not telework but inadequate training, O'Keeffe said. 'It's a cultural shift associated with the emergence in the workplace of the YouTube generation. If you are opening a backdoor to the system using LimeWire or Kazaa or whatever, you are putting the system and the network at risk. That's a training issue.'

On the day that Mintz and Clark testified about the dangers of P2P networks, OMB asked federal CIOs to review the controls they have in place to manage file-sharing software.

Telework proponents in Congress are focused on security as telework legislation moves ahead. Dan Scandling, aide to Rep. Frank Wolf (R-Va.), who is among the most vocal congressional proponents of telework, said adequate training would provide protection against threats from P2P networks.

Sen. Daniel Akaka (D-Hawaii) said agency telework policies must address the protection of sensitive information. Akaka, who supports the Senate's Telework
Enhancement Act, said agencies must give teleworkers proper security training. That bill is making its way through the Senate.

About the Author

Ben Bain is a reporter for Federal Computer Week.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Shutterstock image: looking for code.

    How DOD embraced bug bounties -- and how your agency can, too

    Hack the Pentagon proved to Defense Department officials that outside hackers can be assets, not adversaries.

  • Shutterstock image: cyber defense.

    Why PPD-41 is evolutionary, not revolutionary

    Government cybersecurity officials say the presidential policy directive codifies cyber incident response protocols but doesn't radically change what's been in practice in recent years.

  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group