[Infowarrior] - Cyber-security Hurts Federal Government Productivity, Survey Says

Fri Oct 1 06:20:30 CDT 2010

This article reminds me that the *only* time in 15 years that I've ever written down passwords was when working on a particular "USG" project.  Why?  Too damn onerous to remember them all given their "kitchen sink" password requirements....I'd spend more time resetting my password just to log in and check a project schedule website than it took me to read the data I needed to access.

So at some point, yes, security in its best intentions can end up causing vulnerabilities, policy violations, or, as the article says, impact productivity.  It's a careful balance, but unfortunately the "balance" tends towards the overprotecton side versus the "let's get practical" side.

-rick

Cyber-security Hurts Federal Government Productivity, Survey Says

By: Fahmida Y. Rashid
2010-09-30
http://www.eweek.com/c/a/Security/CyberSecurity-Cutting-Federal-Government-Productivity-Survey-744792/

Officials from 28 federal agencies say cyber-security measures impact productivity by restricting access to information and delaying communications with others, according to a Government Business Council survey. Officials say they often bypass security controls on purpose to get things done.

Despite their bosses' insistence on strong cyber-security in government, federal officials find those measures get in the way of doing their jobs, according to the results of a Government Business Council survey released Sept. 30.

Federal executives said cyber-security measures impacted "information access, computing functionality and mobility" and reduced their productivity, according to the Cybersecurity in the Federal Government (PDF) survey in May.

"Surveyed federal executives believe that cyber-security policies and procedures should be modified to provide more emphasis on the importance of allowing federal managers to achieve their agency's mission," said Bryan Klopack, GBC's director of research.

About 62 percent of the respondents said security restrictions prevented them from getting information from certain Websites or using applications related to their jobs. Blocked sites included video sites, messaging services and news sites, according to the survey. Slow computer performance and the inability to access information remotely were other obstacles cited.

The agency officials said they sometimes resort to "less secure practices," such as using a non-agency device, in order to get access to the information they need. Over half said they accessed information from home instead of from the office to get around the security controls.

Reassuringly, none of them admitted to using someone else's log-in credentials.

More than two-thirds of the respondents complained about security scanning tools and other security measures reducing computer performance. They also report that security scanning tools on the network can slow Websites loading, delay e-mail delivery and increase file download times. An official called this a "huge waste of productive time" on the survey.

Existing security restrictions slowed down their response times, the officials said; more than a third blamed the security rules for delaying projects and communications within and outside the agency.

Despite the 2010 Telework Enhancement Act which promotes working remotely, almost half of the surveyed officials felt the security measures actually limited them to staying within the agency building in order to have access to certain resources and applications. This is in despite of the fact that many of them have an agency-provided laptop and smartphone.

Not surprisingly, officials felt security was stronger inside the building than outside the office. Even so, a majority of them said they work remotely regularly, whether from home or out on the road while traveling.

President Obama signaled early in his administration that cyber-security in the federal government, especially in communications, and coordination, was a priority. "This status quo is no longer acceptable—not when there's so much at stake. We can and we must do better," he said.

Various agencies have responded to Obama's mandate with their own rules. The Pentagon established a Cyber Command to safeguard Department of Defense networks, the Department of Homeland Security regularly conducts large-scale cyber-security drills to test government response in case of a disruption, and the General Services Administration requires the control systems in buildings owned by the Public Building Service to have strong cyber-security measures.

The surveyed executives felt access to information was the most important factor to consider when implementing cyber-security policy. They also said response time, agency mission and computing functionality should also be taken into account to improve policies.

A total of 162 federal executives from 28 civilian and defense agencies responded to the GBC survey. The agencies included theDepartment of Treasury, United States Postal Service and United States Marine Corps. The executives managed areas that included operations, finance and human resources.