Top Secret Telework


After a federal employee allegedly leaked a trove of confidential documents to anti-secrets website WikiLeaks, the government responded with tighter controls on information sharing. But hunkering down on unauthorized access to official data hasn’t necessarily disconnected teleworkers, say current and former federal security officials. 

If information sharing and information protection can coexist then so can telework and data security, as evidenced by the actions of the Office of the National Counterintelligence Executive, or ONCIX, as well as the Defense Department and the Office of Management and Budget. In October 2011, President Obama issued an executive order directing agencies to retrofit classified networks with safeguards to stop intrusions and unauthorized downloads. An interagency insider threat task force, managed by ONCIX, was created to instruct departments on controlling employee access, even at off-site locations. 

Task force members are looking at how to apply protections so that they don’t conflict with telework laws. ONCIX officials acknowledge the controls must comply with 2010 legislation that calls for harnessing technology to expand the remote workforce. Separately, the Pentagon is instituting congressionally mandated insider threat detection systems at its classified telework center in Virginia. And OMB released new baseline protocols for securing data when teleworking. 

One possible reaction to the data-control policies would have been to say “no telework,” says Josh Sawislak, a former General Services Administration official who was responsible for cybersecurity and remote-work issues. But, he adds, “the administration is trying to fix the leak problem without causing collateral damage on telework.” 

New protections could add complexity to a work style known for its efficiency, but no more so than with the widely popular cloud, according to Sawislak. Agencies are embracing cloud computing—logging on to off-site systems through either the Web or a classified network—for many of the same reasons telework is encouraged, he notes. “In the cloud environment, everybody is a remote worker,” says Sawislak, now a senior fellow at the Telework Exchange, a public-private advocacy group. 

“Technology is not what’s keeping people from being able to work on classified information from a remote location,” he says, adding the main deterrents are the price of security tools and availability of accredited office space. “You’re obviously not going to sit in your living room with the highest level of classified information.” Nor would you want your most secret info lying around in a commercial cloud provider’s data center, he says. 

ONCIX officials make the case that until the task force works out options, the only means of classified telework is the flexiplace concept—a more convenient work site that is government-run. 

The Office of Personnel Management declined to discuss whether telework has or will decrease as a result of recent breaches, such as the WikiLeaks scandal. In response to questions, OPM officials referred to a summer 2011 OMB telework memorandum aimed at preventing security incidents that reiterates policies for protecting remote devices, such as the National Institute of Standards and Technology’s 2009 guidelines. The bulletin instructs officials to follow the procedures that best fit their needs. 

The memo also sets a new threshold for managing remote workers. Federal telework policies now must spell out rules for controlling access to agency information, protecting the data and safeguarding employee-owned mobile devices used for work. Policies also must address “preventing inappropriate use of official time or resources . . . by viewing, downloading, or exchanging pornography, including child pornography.” 

Defense spokeswoman Lt. Col. April Cunningham says the October executive order to tighten classified system controls isn’t necessarily making military telework more expensive or complicated. Most Pentagon teleworkers deal with unclassified materials that aren’t subject to special internal surveillance, she says. 

Only the Defense Information Systems Agency operates a classified telework center. The facility, located in Woodbridge, Va., is for personnel who otherwise would have to endure the region’s notorious rush-hour traffic to reach DISA’s new headquarters at Fort Meade, Md. The agency relocated as part of a recent base closure and realignment initiative. “Our agency leadership is very supportive of telework, and the agency has implemented the tools, processes and policy to use it effectively and securely,” DISA spokeswoman Laura Williams says. 

Technology at the telework center bans the use of CDs, jump drives and other removable storage devices. A tool called the Host-Based Security System blocks unauthorized applications and spots rogue systems on the network. This year, the Pentagon is rolling out special smart card tokens that personnel will need to sign on to the Secret Internet Protocol Router Network, which handles the military’s classified data. That’s the system Pfc. Bradley Manning allegedly tapped into to aid WikiLeaks. Military employees will need the tokens to log on at the telework center or any other workstation hooked up to SIPRNET. The added layer of protection is separate from a password, badge or smart card ID. 

“Like all other computers that connect to the department’s secret network, the computers in the DISA telework center also comply with all DoD policies regarding the cybersecurity of classified systems, including DoD policies and procedures for the use of removable media on classified systems,” Cunningham says. Defense is “driving out anonymity and increasing accountability by giving a cyber identity credential to every DoD person and requiring their use on classified networks.” 

According to Sawislak, opening more classified telework centers would reduce lengthy commutes, but so far they haven’t proved inherently useful. “In the past, the government contracted for a dozen or so telework centers without looking at the need or in great detail where they were located,” he says. “The goal to success in this area is to figure out the problem and find a flexible solution that addresses the problem at a reasonable cost that is outweighed by the benefits.”

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by Brocade

    Best of 2016 Federal Forum eBook

    Earlier this summer, Federal and tech industry leaders convened to talk security, machine learning, network modernization, DevOps, and much more at the 2016 Federal Forum. This eBook includes a useful summary highlighting the best content shared at the 2016 Federal Forum to help agencies modernize their network infrastructure.

  • Sponsored by CDW-G

    GBC Flash Poll Series: Merger & Acquisitions

    Download this GBC Flash Poll to learn more about federal perspectives on the impact of industry consolidation.

  • Sponsored by One Identity

    One Nation Under Guard: Securing User Identities Across State and Local Government

    In 2016, the government can expect even more sophisticated threats on the horizon, making it all the more imperative that agencies enforce proper identity and access management (IAM) practices. In order to better measure the current state of IAM at the state and local level, Government Business Council (GBC) conducted an in-depth research study of state and local employees.

  • Sponsored by Aquilent

    The Next Federal Evolution of Cloud

    This GBC report explains the evolution of cloud computing in federal government, and provides an outlook for the future of the cloud in government IT.

  • Sponsored by Aquilent

    A DevOps Roadmap for the Federal Government

    This GBC Report discusses how DevOps is steadily gaining traction among some of government's leading IT developers and agencies.

  • Sponsored by LTC Partners, administrators of the Federal Long Term Care Insurance Program

    Approaching the Brink of Federal Retirement

    Approximately 10,000 baby boomers are reaching retirement age per day, and a growing number of federal employees are preparing themselves for the next chapter of their lives. Learn how to tackle the challenges that today's workforce faces in laying the groundwork for a smooth and secure retirement.

  • Sponsored by Hewlett Packard Enterprise

    Cyber Defense 101: Arming the Next Generation of Government Employees

    Read this issue brief to learn about the sector's most potent challenges in the new cyber landscape and how government organizations are building a robust, threat-aware infrastructure

  • Sponsored by Aquilent

    GBC Issue Brief: Cultivating Digital Services in the Federal Landscape

    Read this GBC issue brief to learn more about the current state of digital services in the government, and how key players are pushing enhancements towards a user-centric approach.

  • Sponsored by CDW-G

    Joint Enterprise Licensing Agreements

    Read this eBook to learn how defense agencies can achieve savings and efficiencies with an Enterprise Software Agreement.

  • Sponsored by Cloudera

    Government Forum Content Library

    Get all the essential resources needed for effective technology strategies in the federal landscape.


When you download a report, your information may be shared with the underwriters of that document.