Monday, June 19, 2006

When Congressional mandates collide, confusion results

Federal Breaches Spark Security Review Push: GAO, administration officials call for look into data collection processes
Jaikumar Vijayan, June 19, 2006 (Computerworld) -- The massive data breach disclosed last month by the U.S. Department of Veterans Affairs has triggered sweeping reviews of information security policies at the VA and at several other government agencies that recently suffered smaller data losses. [ComputerWorld]

Agencies, vendors struggle with HSPD-12, surveys say By Jason Miller, GCN Staff
Two recent surveys signaled just how much agencies and vendors are struggling to implement Homeland Security Presidential Directive-12.

The area most often identified by federal IT security executives and systems integrators as needing attention was physical-access control. In a survey of federal IT security executives released yesterday by Computer Associates International Inc. of Islandia, N.Y., 56 percent said they had seven or more physical-access control systems, and 58 percent said their agencies had yet to make a decision on whether to standardize these systems. [GCN]

Telework cheaper than expected, but agencies still not on board By Rob Thormeyer, GCN Staff
Although the costs of implementing effective telework programs are far less than predicted, agencies have yet to provide a programmatic and enterprisewide approach to solidifying telecommuting within the government, a General Services Administration report said.

The study concluded that the lack of investment and commitment in making telework acceptable across the government is not only hampering the telecommuting workforce, but agencies overall are losing out on productivity. [GCN]

In one day, in two different papers, three articles on basically the same issue from three different points of view, none of which seems to be paying any attention to the issues in the other court. This is not new in either journalism or the operations of the Federal Government. What is sad, however, is that while the journalists continue to write their stories, and the SESs in the Federal Government continue down their merry road, there is a serious lesson to be learned and no one seems to be connecting the dots for those who are seriously technically challenged. And what is truly frustrating about this whole mess is that each of the requirements is Congressionally mandated! At some point, should someone maybe stand up and tell Congress (and the President) that they can have either or, but not both, at least given the current playing field? Yet no one seems to be able or willing to stand up and do this.

At some point, if our elected leaders, who are mandating at cross purposes, will not own up to not "getting it" in regard to data security, and the CIOs, whose job it should be to understand the conflicts, clearly don't seem to be speaking up, can we not expect some analysis beyond "this was bad, it should be stopped..." from the press?

HSPD-12 is going to create a mess in the IT shops of every major agency. Rep. Tom Davis (and others) is screaming for increased telework (for a variety of good reasons: reduced traffic, pandemic/disaster preparedness) and yet every day we hear (or don't) about yet another data leak at an agency. All of these mandates are good in and of themselves, but when they are combined, the resulting train wreck is only going to be confusion and more insecurity. It cannot be anything less when the funding levels (especially at agencies like the VA that took a serious budget cut to their IT funding) are dropping, tasks are more complex and various agencies are issuing Federal-wide directives. In the last 12 months, the infrastructure of every agency has been told to improve, upgrade or prepare for upgrade by GAO (IPv6), the President (HSPD-12) and Congress (telework, budget levels), along with ongoing internal modernization programs (getting off Windows NT, for example, or preparing for Windows Vista). At some point, even with all the requirements, something has to break. The data loss at the VA was an issue of policy rather than technology, but you know as well as I that the fix will be driven by yet another technological fix that will be bolted on to the existing Frankenstein's monster that is most Federal networks.

It is a very sad state of affairs for the nation to be in.
