Top Secret Telework

Thinkstock

After a federal employee allegedly leaked a trove of confidential documents to anti-secrets website WikiLeaks, the government responded with tighter controls on information sharing. But hunkering down on unauthorized access to official data hasn’t necessarily disconnected teleworkers, say current and former federal security officials. 

If information sharing and information protection can coexist then so can telework and data security, as evidenced by the actions of the Office of the National Counterintelligence Executive, or ONCIX, as well as the Defense Department and the Office of Management and Budget. In October 2011, President Obama issued an executive order directing agencies to retrofit classified networks with safeguards to stop intrusions and unauthorized downloads. An interagency insider threat task force, managed by ONCIX, was created to instruct departments on controlling employee access, even at off-site locations. 

Task force members are looking at how to apply protections so that they don’t conflict with telework laws. ONCIX officials acknowledge the controls must comply with 2010 legislation that calls for harnessing technology to expand the remote workforce. Separately, the Pentagon is instituting congressionally mandated insider threat detection systems at its classified telework center in Virginia. And OMB released new baseline protocols for securing data when teleworking. 

One possible reaction to the data-control policies would have been to say “no telework,” says Josh Sawislak, a former General Services Administration official who was responsible for cybersecurity and remote-work issues. But, he adds, “the administration is trying to fix the leak problem without causing collateral damage on telework.” 

New protections could add complexity to a work style known for its efficiency, but no more so than with the widely popular cloud, according to Sawislak. Agencies are embracing cloud computing—logging on to off-site systems through either the Web or a classified network—for many of the same reasons telework is encouraged, he notes. “In the cloud environment, everybody is a remote worker,” says Sawislak, now a senior fellow at the Telework Exchange, a public-private advocacy group. 

“Technology is not what’s keeping people from being able to work on classified information from a remote location,” he says, adding the main deterrents are the price of security tools and availability of accredited office space. “You’re obviously not going to sit in your living room with the highest level of classified information.” Nor would you want your most secret info lying around in a commercial cloud provider’s data center, he says. 

ONCIX officials make the case that until the task force works out options, the only means of classified telework is the flexiplace concept—a more convenient work site that is government-run. 

The Office of Personnel Management declined to discuss whether telework has or will decrease as a result of recent breaches, such as the WikiLeaks scandal. In response to questions, OPM officials referred to a summer 2011 OMB telework memorandum aimed at preventing security incidents that reiterates policies for protecting remote devices, such as the National Institute of Standards and Technology’s 2009 guidelines. The bulletin instructs officials to follow the procedures that best fit their needs. 

The memo also sets a new threshold for managing remote workers. Federal telework policies now must spell out rules for controlling access to agency information, protecting the data and safeguarding employee-owned mobile devices used for work. Policies also must address “preventing inappropriate use of official time or resources . . . by viewing, downloading, or exchanging pornography, including child pornography.” 

Defense spokeswoman Lt. Col. April Cunningham says the October executive order to tighten classified system controls isn’t necessarily making military telework more expensive or complicated. Most Pentagon teleworkers deal with unclassified materials that aren’t subject to special internal surveillance, she says. 

Only the Defense Information Systems Agency operates a classified telework center. The facility, located in Woodbridge, Va., is for personnel who otherwise would have to endure the region’s notorious rush-hour traffic to reach DISA’s new headquarters at Fort Meade, Md. The agency relocated as part of a recent base closure and realignment initiative. “Our agency leadership is very supportive of telework, and the agency has implemented the tools, processes and policy to use it effectively and securely,” DISA spokeswoman Laura Williams says. 

Technology at the telework center bans the use of CDs, jump drives and other removable storage devices. A tool called the Host-Based Security System blocks unauthorized applications and spots rogue systems on the network. This year, the Pentagon is rolling out special smart card tokens that personnel will need to sign on to the Secret Internet Protocol Router Network, which handles the military’s classified data. That’s the system Pfc. Bradley Manning allegedly tapped into to aid WikiLeaks. Military employees will need the tokens to log on at the telework center or any other workstation hooked up to SIPRNET. The added layer of protection is separate from a password, badge or smart card ID. 

“Like all other computers that connect to the department’s secret network, the computers in the DISA telework center also comply with all DoD policies regarding the cybersecurity of classified systems, including DoD policies and procedures for the use of removable media on classified systems,” Cunningham says. Defense is “driving out anonymity and increasing accountability by giving a cyber identity credential to every DoD person and requiring their use on classified networks.” 

According to Sawislak, opening more classified telework centers would reduce lengthy commutes, but so far they haven’t proved inherently useful. “In the past, the government contracted for a dozen or so telework centers without looking at the need or in great detail where they were located,” he says. “The goal to success in this area is to figure out the problem and find a flexible solution that addresses the problem at a reasonable cost that is outweighed by the benefits.”

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
FROM OUR SPONSORS
JOIN THE DISCUSSION
Close [ x ] More from GovExec
 
 

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • The Big Data Campaign Trail

    With everyone so focused on security following recent breaches at federal, state and local government and education institutions, there has been little emphasis on the need for better operations. This report breaks down some of the biggest operational challenges in IT management and provides insight into how agencies and leaders can successfully solve some of the biggest lingering government IT issues.

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download
  • Ongoing Efforts in Veterans Health Care Modernization

    This report discusses the current state of veterans health care

    Download

When you download a report, your information may be shared with the underwriters of that document.