Securely Addressing the Telework Option

By Stacey McDaniel

Government organizations are typically among the most conservatively managed of all organizations. While the commercial sector has recognized the advantages of telework, the government has been slow to follow. It looks like the combination of better technology and persuasion from Congress is leading government agencies to step up the adoption rate of telework programs. While telework can benefit all parties involved, it can also be a risky endeavor, especially if government agencies that handle sensitive information don't take important security precautions. Adoption of telework in the federal government began in 1990 and is on the rise, but still lags private industry adoption. In 2006, some government leaders will continue to work to change that. This article focuses on what efforts are underway to increase teleworking in government, and how it can be done in a secure manner.

Benefits of telework
More widespread broadband connections, Wi-Fi access, Webmail access for email, Web portals for remote access to government systems, popular use of home computers, and portable laptop computers all make telecommuting more convenient and feasible than ever. The federal government has also created a Web portal for all government telework information and Web-based training modules for teleworkers and managers.

Telework offers employees flexibility with regards to the locations and times where they can perform their jobs. Most remote employees work from home, but some also work from an alternate office closer to home or at other defined locations. Working remotely can improve employee productivity, enable an easier work/life balance, and reduce traffic on the roads (resulting in less air pollution and money spent on fuel).

Another important factor contributing to the growing popularity of telework is that it has been recognized as a critical element of Continuity of Operations (COOP) Planning. In the event of a man-made or natural disaster, including weather or health-related work interruptions, teleworking employees can help keep government operations running -- provided they are suitably equipped with the proper hardware and software and that security levels are maintained.

Secure connections
While telework is touted as a more efficient way of doing business, maintaining a secure program takes time and effort. Any time remote connections are made into a network, new security risks emerge. That is why security must be a priority when adopting telework. End-point devices that are dialing in from home or any remote location must be secured with firewalls, antivirus, spam filters, intrusion detection, and intrusion protection. A virtual private network (VPN) should be used to build a secure tunnel for connecting into the network, and Secure Sockets Layer (SSL) encryption should be utilized when transmitting messages. Furthermore, government organizations must ensure that any system seeking to access government IT resources is in compliance with organizational policies with respect to antivirus software, firewalls, and authentication.

Many government agencies have developed custom Web-based applications to provide various internal services for remote employees. This technology is especially vulnerable to attack. Between January 1 and June 30, 2005, 1,862 new vulnerabilities were documented, the highest number recorded since the Internet Security Threat Report began tracking new vulnerabilities in six-month intervals. 59% of all vulnerabilities were found in Web application technologies. These vulnerabilities are particularly dangerous because they can allow an attacker to access confidential information from databases without having to compromise any servers. Employees should only use Web applications that are necessary for them to conduct business, and administrators should employ a good asset management system or vulnerability alerting service, both of which can help to quickly assess whether a new vulnerability is a viable threat or not.

IT managers should be prepared to devote extra resources to alerting and patching deployment solutions, and should also monitor vulnerability mailing lists and security Web sites to stay on top of the threat landscape. For larger organizations, the use of a commercial threat warning or alert service may be a good investment. Additionally, teleworking employees should follow best security practices, including: keeping security patches and virus definitions up-to-date, performing regularly scheduled back-ups and implementing good password management.

What's behind the reluctance
Even though an extra commitment to security and technology is required for a successful telework program, this is not what appears to be hindering telework efforts in the government. According to the most recent study of telework by the U.S. Government Accountability Office (GAO), "Much work remains to ensure that federal employees have the opportunity to telework." Upon further inspection, the GAO determined that none of the obstacles to telework involved technology. Obstacles that were cited included:

• Lack of full funding to meet needs of telework programs
• No eligibility criteria established for teleworkers
• Lack of support from top management
• Resistance by managers (in particular, many mid-level managers insist on having staff be physically present when they perform work)
• Lack of training and information on telework programs
• Agencies that save money because of teleworking programs may have to return the savings directly to the federal treasury

This situation leaves telework supporters hoping that the benefits will eventually overshadow the drawbacks, and that the government will enable a more telework-friendly environment. 

What lies ahead?
In light of the increased call for COOP planning across government, some lawmakers do not think enough is being done to encourage employees to work outside the office. As evidence of this, $5 million in federal funding has been withheld from each of the following because they failed to make telecommuting an option for all eligible employees in 2005: NASA, National Science Foundation, Justice, State, and Commerce departments, the Small Business Administration, and the Securities and Exchange Commission.

Also, the Department of Homeland Security Reform Act of 2005 (HR 4009), was introduced in October 2005. The Act, still under review, calls for creation of a COOP plan for the DHS that includes a telework solution.

Expect to hear more about telework in government in 2006. Rep. Frank Wolf, R-Va., chairman of the Science-State-Justice-Commerce appropriations subcommittee, and a leading proponent of telework in government, recently said that he has personally requested that President Bush discuss telework in his upcoming State of the Union address. Wolf said "Gasoline has gone up, and [telework] is good for families. The studies show that people who telework are very, very productive."

Rep. Danny K. Davis, D-Ill., a member of the House Government Reform Subcommittee on the Federal Workforce and Agency Organization, is planning to introduce legislation this spring that would require the Chief Human Capital Officer's Council to conduct and evaluate a 10-day demonstration project where employees would work from alternate locations. The project would give agencies and Congress ideas for improving flexibility and identifying work processes that should be implemented during extended emergencies, Davis said recently.

Conclusion
Teleworking has the potential to dramatically change the way the government operates. It could turn what has historically been a quagmire of red tape and inefficiencies into a government that takes advantage of technology to operate seamlessly and efficiently at all times. Over the next year, expect to see more of a push for teleworking in government, especially as an integral part of COOP planning. If done with security in mind, it can have a positive effect on government operations across the nation.

Stacey McDaniel has been writing about high-tech issues for more than six years.