One way to improve security: Punish the ignorant
Perhaps federal agencies would have more success with information security training if employees knew they would be punished for allowing breaches through ignorance.
That’s one idea proposed (in a backward sort of way) by a reader responding to a topic posted as part of the FCW Challenge, a joint FCW-GovLoop project to spark debate about key topics in the federal IT community.
Our original thesis was this: Federal employees are unknowingly placing their agencies at risk for cyber attack by not taking their own personal security measures seriously. The government should launch a new PR campaign to raise awareness and protect itself, its citizens and the economy from cyber warfare.
But the anonymous reader pointed out that everyone in the Defense Department already gets annual training, but they ignore it because DOD officials “never discipline anyone for allowing breaches.”
The reader’s solution was to put DOD and the rest of the federal government on its own “trusted Internet” for mission-critical work, “and make people walk over to a machine in the corner to interact with the outside world.”
But perhaps security training would be more effective if people were indeed motivated by fear.
What do you think? Check out the conversation here.
You can also read more about the FCW Challenge here.
Here are the other topics up for debate:
Government social networks are Towers of Babel, doomed to topple.
The Open-Government Plan is Vaporware 2.0.
Acquisition 2.0 will give ethics officers the heebie-jeebies.
A mandate for the cloud is wishing for pie in the sky.
The federal workplace will never change. Telework? Fuggedaboudit!