Officials from 28 federal agencies say cyber-security measures impact productivity by restricting access to information and delaying communications with others, according to a Government Business Council survey. Officials say they often bypass security controls on purpose to get things done.
Despite their bosses' insistence on strong cyber-security in government,
federal officials find those measures get in the way of doing their jobs,
according to the results of a Government
survey released Sept. 30.
Federal executives said cyber-security measures impacted "information access,
computing functionality and mobility" and reduced their productivity,
according to the Cybersecurity
in the Federal Government
(PDF) survey in May.
"Surveyed federal executives believe that cyber-security policies and
procedures should be modified to provide more emphasis on the importance of
allowing federal managers to achieve their agency's mission," said Bryan
Klopack, GBC's director of research.
About 62 percent of the respondents said security restrictions prevented
them from getting information from certain Websites or using applications
related to their jobs. Blocked sites included video sites, messaging services
and news sites, according to the survey. Slow computer performance and the
inability to access information remotely were other obstacles cited.
The agency officials said they sometimes resort to "less secure
practices," such as using a non-agency device, in order to get access to the
information they need. Over half said they accessed information from home
instead of from the office to get around the security controls.
Reassuringly, none of them admitted to using someone else's log-in
More than two-thirds of the respondents complained about security scanning
tools and other security measures reducing computer performance. They also
report that security scanning tools on the network can slow Websites loading,
delay e-mail delivery and increase file download times. An official called this
a "huge waste of productive time" on the survey.
Existing security restrictions slowed down their response times, the
officials said; more than a third blamed the security rules for delaying
projects and communications within and outside the agency.
Despite the 2010
Telework Enhancement Act
which promotes working remotely, almost half of
the surveyed officials felt the security measures actually limited them to
staying within the agency building in order to have access to certain resources
and applications. This is in despite of the fact that many of them have an
agency-provided laptop and smartphone.
Not surprisingly, officials felt security was stronger inside the building
than outside the office. Even so, a majority of them said they work remotely
regularly, whether from home or out on the road while traveling.
President Obama signaled early in his administration that cyber-security
in the federal government, especially in communications, and coordination, was
a priority. "This status quo is no longer acceptable-not when there's so
much at stake. We can and we must do better," he said.
Various agencies have responded to Obama's mandate with their own rules. The
Pentagon established a Cyber Command
to safeguard Department of Defense networks, the Department of Homeland
Security regularly conducts large-scale cyber-security drills to test
government response in case of a disruption, and the General Services
Administration requires the control systems in buildings owned by the Public
Building Service to have strong cyber-security measures.
The surveyed executives felt access to information was the most important
factor to consider when implementing cyber-security policy. They also said
response time, agency mission and computing functionality should also be taken
into account to improve policies.
A total of 162 federal executives from 28 civilian and defense agencies
responded to the GBC survey. The agencies included theDepartment of Treasury,
United States Postal
Service and United States Marine Corps. The executives managed areas that included
operations, finance and human resources.