Cyber Security Industry Alliance Newsletter •  Volume 2, Number 9 • May 2006

Kurtz Testifies to Congress on Crisis-Driven Telework Readiness

Federal Workfore Not Ready To Telework During Influenza Pandemic;
Crisis Planning Offers Opportunity to Change the Way Government Does Business

 

Cyber Security Industry Alliance (CSIA) Executive Director Paul Kurtz testified before the House Government Reform Committee on May 11. In his testimony, he expressed deep concern that the federal workforce lags far behind the private sector in its ability to work offsite in response to a large-scale crisis such as pandemic influenza.

  

CSIA Recommendations on Telework

  • Create incentives for federal agencies to embrace telework initiatives

  • Recognize that some "emergencies" could last 18 months

  • Recognize that, though the information information infrastructure is privately held, government must take a coordinating role in large-scale emergencies

  • Convene a task force to aggressively expand telework

  • Review the emergency readiness of the information infrastructure and plan for 'surge' capabilities

 

Noting that Committee Chairman Tom Davis (R-VA) has previously called for federal agencies to be able to ‘decentralize’ their critical functions in an emergency, Kurtz said, "I wish I could say that this goal had been met. It is true that many agencies have made strides within their own internal operations and continuity of operations planning. But they have a long way to go before they are ready to work together in a crisis like an outbreak of avian flu. Most agencies’ contingency plans are designed for a maximum downtime of two or three days; a flu pandemic could last as long as 18 months. We simply don’t have the workforce distribution capability or the Internet infrastructure that we need today."

Kurtz urged that the federal government invest in the capability to distribute its workforce, enabling employees to function offsite under normal as well as adverse conditions - not only at home, under the traditional definition of telework, but from anywhere, at any time.

"As frightening as a flu pandemic might be, it also provides us with the opportunity, and the impetus, to change the way the government does business by breaking down structural barriers to reform like budget rules, statutory limitations, and management inertia. The result will be a more agile, efficient workforce. Right now there is little incentive for agency leadership to adopt telework, because any savings they achieve are simply returned to the Federal treasury. We need to change that, to allow agencies to 'win' by participating and deploying teleworking systems, and not be punished for their success."

"A distributed workforce helps in 'all hazards' - a terrorist attack, a natural disaster, or an accident," Kurtz said. "Building one will take time and effort, but will pay significant, recurring long-term dividends well beyond just crisis management. As an example, he cited aggressive action by the financial sector to disperse critical physical facilities outside of lower Manhattan in the wake of the attacks of Sept. 11. "Now they’ve gone a step further," Kurtz said, "so that their workers can work any time, anywhere. There are also other widely recognized benefits to workforce distribution: higher productivity, reduced traffic congestion and gas consumption, a cleaner environment, greater personal flexibility, and a higher quality of life."

However, he noted one significant caveat. "The burden on the information infrastructure also requires attention. Little empirical evaluation is available on the ability of the Internet infrastructure to support the traffic created when large numbers of employees suddenly attempt to log on during the onset of a crisis. The private sector owns and operates the vast majority of the critical information infrastructure, but in an emergency the government must play a leading role in coordinating its continued operation during a national emergency."

"The Federal government should
- at the very least - seek to match the private sector’s capabilities, even if it takes a crash program to do it."

  

Kurtz recommended that the White House Office of Management and Budget, in coordination with the Homeland Security Council, should convene a task force to aggressively expand telework. "The Federal government’s efforts should not be limited to enabling 'essential personnel,' he said. "Agencies should be far more aggressive seeking to encompass as many employees as possible. The Federal government should at the very least seek to match the private sector’s capabilities, even if it takes a crash program to do it."

Kurtz also recommended that the President’s National Security and Telecommunications Advisory Committee and National Infrastructure Advisory Council undertake an immediate review of the burden that a flu pandemic would have on the information infrastructure. "Plans for a 'surge' capability in the opening phase of a pandemic should be assembled and ready to activate," he said.

"Preparing for a long-term pandemic influenza means the federal government must ensure employees can provide essential services for an extended period of time in a distributed and resilient manner. And doing so requires an information technology infrastructure robust enough to handle the job,” Kurtz concluded. “Ultimately, Congress should ask the hard questions, and use both the carrots and the sticks necessary, to make it all happen."

Kurtz’s full testimony is available at: https://www.csialliance.org/resources/testimony/.

 

Note: Paul B. Kurtz testified before the House Small Business Committee Subcommittee on Regulatory Reform and Oversight on liabilities driving better consumer data protection practices on May 23, 2006.

His testimony covered the importance of data security to small businesses and steps small business, industry, and the Federal government can take to improve security.
See next month's newsletter for a synopsis.