As the Federal Government grows larger and larger, the vulnerability to cyber attack of its agency systems grows geometrically.
And, since the entire network of diverse agencies and users is becoming more integrated, multiple access points open the entire system to attack.
Although the government is aware of the threats and is talking action often this has inhibited the productivity of several agencies while concurrently causing the use of remote unsecure devices that increase cyber risk
The administration has made cyber security a priority. Many federal executives however, find they are inhibited by cumbersome cyber security procedures and policies at their agency in the areas of information access, computing functionality, and mobility.
Agency measures often create cyber security-related obstacles, such as being forced to access information at home and disrupted communication with other employees. As a result, productivity suffers.
While cyber attackers are innovative and nimble, federal agency response remains rule bound and out of date.
The resultant cyber security measures, often more bureaucratic than threat responsive, restrict access to websites and webmail accounts that can be helpful to federal executives.
Restricting these types of information sources often negatively impacts the efficiency with which executives do their jobs. Agency personnel often encounter slow-loading websites, delayed login times, tedious email downloads, and long file download times.
In order to maintain productivity, federal executives and staff frequently resort to less secure practices when cyber security restrictions prevent access to information they need for their jobs.
The most prevalent alternative method of accessing information is the use of non-agency devices like USB thumb dives, random media and unprotected wireless devices. Cyber attackers can use these unprotected devices to wreak havoc with otherwise protected networks.
Federal executives frequently work outside agency buildings. Recent surveys show that approximately half of those responding do at least some work at home or on travel.
To facilitate working outside the office, federal agencies often provide them with a mobile device; and many executives have an agency-provided laptop. Many of these devices lack the necessary cyber security precautions.
Since federal executives generally believe access to information is the most important factor to consider when contemplating changes to cyber security policy, it follows, then, that respondents most frequently identify access to information as inhibited by cyber security measures as a major cause of lower productivity at their agency.
Agencies must realize that, in order to increase productivity, executives and key employees need to work offsite with mobile devices. New measures that add security to these devices are required without sacrificing productivity.
More relevant, coordinated and timely cyber policies are required at all federal agencies. In addition to information access, many federal executives believe a host of considerations—including response time, agency mission, and computing functionality—should be taken into account to improve cyber security policies in the federal space.