That’s one idea proposed (in a backward sort of way) by a reader responding to a topic posted as part of the FCW Challenge, a joint FCW-GovLoop project to spark debate about key topics in the federal IT community.
Our original thesis was this: Federal employees are unknowingly placing their agencies at risk for cyber attack by not taking their own personal security measures seriously. The government should launch a new PR campaign to raise awareness and protect itself, its citizens and the economy from cyber warfare.
But the anonymous reader pointed out that everyone in the Defense Department already gets annual training, but they ignore it because DOD officials “never discipline anyone for allowing breaches.”
The reader’s solution was to put DOD and the rest of the federal government on its own “trusted Internet” for mission-critical work, “and make people walk over to a machine in the corner to interact with the outside world.”
But perhaps security training would be more effective if people were indeed motivated by fear.
What do you think? Check out the conversation here.
You can also read more about the FCW Challenge here.
Here are the other topics up for debate:
Government social networks are Towers of Babel, doomed to topple.
The Open-Government Plan is Vaporware 2.0.
Acquisition 2.0 will give ethics officers the heebie-jeebies.
A mandate for the cloud is wishing for pie in the sky.
The federal workplace will never change. Telework? Fuggedaboudit!
Posted by John Stein Monroe on May 12, 2010 at 7:25 PM
E-Mail this page
M in Reston - maybe you're on to something. If the people we support want to cause a security breach, whether by accident, deliberate ignorance, or malice, who are we to stop them. You've got important work to do, and these security things are really blown way out of proportion.
Too bad the Conversation link is blocked on USAF computers. In short, reacting to insider threats is just as important as outside threats. But implementation is a problem - some govies in some org cannot be fired/disciplined while some contractors are immediately fired for a single security violation. I think we need more lower-impact "speeding tickets" issued than career-killer felonies and "Bygones" (ref Ally McBeal).
We've nearly perfected security. Every time a new email comes in, Outlook stops working to scan it. It may take ten minutes to write three lines, but our security is good. See Homeland Security Journal article "No Dark Corners" http://www.hsaj.org/ for an alternative way to handle security.
One thing every security weenie should understand is that PERFECT security is attainable only by shutting down the operation you support. If your security plan to is to move increments toward a shut down of the functions of the operation you support - then you should be fired. Your job is to secure the fully functioning operation, and NOT hobble or disable it. Get it? If you view the people you support as the enemy - go flip burgers!
Don't miss our June 7 Washington Technology Power Training session on Mastering Stakeholder Engagement, where you'll learned the critical skills you need to more fully connect with your customers and win more business.
In our latest Project 38 Podcast, editor Nick Wakeman and senior staff writer Ross Wilkers discuss the major news events so far in 2019 and what major trends are on the horizon.
Sign up for our newsletter.