Return to Article: Telework blamed in recent VA data loss

By Daniel Pulliam dpulliam@govexec.com June 1, 2006
  • 17346

    The teleworker certainly messed up taking the data outside the VA against agency policy. But, we all seem to be missing the root cause to all these data theft problems. It is how organizations do remote access. Anyone should be able to gain access to a VPN external connection from any location or system, government owned or not. The external connection should be equipped with a robust and closely monitored Intrusion Prevention System (IPS) and once proper credentials are provided, any internal access should be gained through additional credentials with applications and data being served up via a thin client session with no remote client interaction (no copy/paste to local system or local drive connections). This way no data is ever on the remote systems used for access and we would not have all these ridiculous data theft headlines in the news. Bottom line: It is poor IT architecture causing users to come up with work-arounds to IT shortfalls.

    GovExec.com reader Posted June 14, 2006 7:45 PM
  • 17263

    Well Mr. Taxpayer, at least we agree here. Federal managers should manage better and not be glorified analysts who micromanage their employees and who are not properly trained.

    Where we disagree is over your utopian vision of the private sector. You think folks are fired in the private sector but not the public sector for mistakes. I disagree.

    And I doubt very much that private sector managers fire over mistakes -- they fire on productivity grounds. You can make all the mistakes in the world in a law firm but if you bring in the billable hours and make profit everything is forgiven -- the whole private sector based on profit is like that.

    And let us all not forget those brilliant managers at Enron, Worldcom, and dozens of other private sector bastions of good management who can in the future be managing their cellmates!

    HR specialist in the federal government

    GovExec.com reader Posted June 9, 2006 5:31 PM
  • 17247

    FYI, I have been in management as president of a company, as executive vice president of a company and as a senior vice president of a very large company. I guarantee you that if any employee of mine violated data security they would have been fired immediately. I understand that government managers do not believe this is possible (however, it is - they just do not want to do the paper work necessary). Also, the government managers I see are nothing but glorified analysts that are expected to "do the daily work" at a higher level. However, managers should manage. They do not even know what management is! They need to staff the operation correctly (the right talent in the right place at the right time), they need to evaluate performance (therefore they need to establish what the performance is and how it will be measured -- then they need to measure it), they need to delegate to subordinates (they tend to keep the important things for their own work so they look important). A good manager should know what talents are needed, when to use them, where to send issues within the organization (not try to do everything), and how to recruit, train and evaluate their employees. In my government experience I have not seen a single manager that managed!

    They don't care about their employees, they do little to reward or punish their employees and they just fill slots (usually with someone they know and like rather than with the proper talents). Often they rate poor employees highly so that the employee can move to another job and out of the hair of the so-called manager. If you thing this crap would fly in the private sector you have no idea what managers do and are expected to do. It may come as a big surprise but a good manager does not have to know the technical detail of their employees' jobs! They simply need to know how to use those talents and employ them for the good of the organization. Problem with government managers is that they generally do not know what is good for the organization - they do what is good for them. Just like Congress does to get votes and contributions - give away money for projects and services that do not provide significant benefits for the people of the United States.

    Taxpayer Posted June 9, 2006 7:58 AM
  • 17216

    This isn't about teleworking gentlemen. This is about employees who should never have been taking this material home to begin with. Yes, as a vet I fully agree those responsible for this should be removed from federal employment, but in any case I suspect they will have federal charges put on them. As a federal employee it appears to me that poor management and lack of oversight of employees is the basic cause of the situation. I agree with taxpayer to some degree. I have had managers whose main concern is primarily Friday afternoons, and how quickly they can hit the door.

    Charlie Posted June 7, 2006 5:06 PM
  • 17188

    This is exactly what we need to help fuel the argument many government managers have against teleworking! This was not a case of telecommuting going astray; it was a case of an employee failing to follow proper security procedures.

    I've talked with a large number of managers about telecommuting and the majority are for it and support it quite well. For the ones who don't I've asked why. The main response is they don't feel that they can trust their employees unless they can see them and watch what they are doing. My only response is that to ask if they themselves know that they couldn't be trusted and therefore think that everyone else is the same?

    Telecommuting is an extremely valuable tool that should be used as much as possible. Not every job is viable for telecommuting but those that are should be opened to telecommuting. It inspires confidence in the employee and cuts down on transportation costs for the employee. I've had workers telecommute and know for a fact that I got more than just the eight hours a day from them because they wanted to do the work and appreciated my trust in them.

    Bill Goodwin Posted June 6, 2006 10:45 AM
  • 17163

    While this security breach is obviously rooted in management, it is not to say that one hundred percent of federal managers are incompetent. There are some good managers here and there in the government. But, they are not recognized because it sets the bar higher and makes the federal management problem as a whole look worse than it does now.

    This management failure resulted in the personal information of thousands of people being compromised. Other management failures compromise efficiency and waste millions of dollars. Still others compromise worker safety leading to workers being needlessly injured or even killed. Yet, it's the VA problem that has gotten the press.

    There are many more than an adequate number of federal employees to run the government. But, their efforts are often so poorly managed that the work doesn't get done efficiently and correctly, if at all. This security breach is nothing compared to many of the other problems. Nothing will change until the right people are held accountable.

    How many federal managers know of these problems and do nothing about it? Aren't they just as guilty?

    Robert M. Posted June 5, 2006 1:37 PM
  • 17158

    To the writer who stated: "This is not a problem with telework. This person was using his personal PC. ... Since government PCs are used for telework, this is a moot issue."

    What planet are you on, where government agencies issue PCs to government employees to telework? In my agency, nearly all the telework is on the employee's personal computer, with the employee paying for the DSL or Cable Internet connection out of his/her own pocket! Want virus protection or firewalls? Pay for that out of your own pocket too.

    The government's only cost is for RAS tokens to allow access into the government systems the employee must use to do the telework.

    As for CAC cards - my agency still hasn't figured out how they'll integrate CAC cards and government supplied readers with privately owned PCs -- but they are not making any plans to supply government-purchased computers to teleworking employees.

    GovExec.com reader Posted June 5, 2006 10:07 AM
  • 17129

    Just curious Taxpayer, have you ever been in management? You seem to make some cast in stone remarks concerning supervisors and managers. I can tell you that's not the case 100 percent of the time.

    GovExec.com reader Posted June 2, 2006 3:32 PM
  • 17128

    So now we'll blame this security breach on ... telecommuting? This is called diverting the "heat" (but it just may work).

    What's fascinating is that the VA only allows GS-14s and above to telecommute. These people are I guess the only ones the VA "trusts," although since this breach was carried out by a GS-14 (upon approval to do so by an SES), I guess the VA won't even trust its managers/ leaders! I'm sure a lot of work will be accomplished with this arrangement -- not trusting your people.

    And then the VA will have to submit a yearly report to Congress saying they are "meeting" the suggested goal of 5 percent of the workforce telecommuting. OK, I give - who will these people be again?

    GovExec.com reader Posted June 2, 2006 3:29 PM
  • 17110

    This is not a problem with telework. This person was using his personal PC. If it was on a government PC, then the information would most likely have been encrypted or at least password or CAC card protected. Since government PCs are used for telework, this is a moot issue.

    GovExec.com reader Posted June 2, 2006 9:10 AM
  • 17101

    This is not a clearance issue or a telework issue. It is a management issue! That is why the VA is blowing smoke all over the place. Management did not do its job and allowed an employee to take home classified materials. The employee and the manager(s) responsible for enforcement of the security policy concerning the data should be fired or at a minimum removed from the management positions and dropped in grade and pay at least two levels if they are not fired. Additionally, their record should indicate that they did not manage effectively and should never be considered for another management position in the federal government.

    My experience in the federal government is that managers do not manage, do not want to be involved in controversy, will not make decisions that could result in negative impact on their continued advancement possibilities and are over paid. Most of them are not worth what they are paid today. If they managed in the private sector as they mismanage in the government, they would be gone!

    Taxpayer Posted June 2, 2006 7:44 AM

Post a Comment

To post a comment, you must provide a name and a valid e-mail address. Messages must be limited to 400 words. By using this Service you agree not to post material that is obscene, harassing, defamatory, or otherwise objectionable. Although Government Executive does not monitor comments posted to this site (and has no obligation to), it reserves the right to delete, edit, or move any material that it deems to be in violation of this rule.

Telework blamed in recent VA data loss
*
*
*
Vendors Solutions Center