Government Agencies – what have you learned about connectivity to your UNCLASSIFIED networks since the COVID-19 lockdown?

By now, government agencies have surveyed their own agency’s workforce to determine how many employees/contractors DO or DO NOT yet have connectivity to the agency’s internal UNCLASSIFIED networks, the common government networks that offer “safe remote access” to the general government workforce.

“Safe remote access,” in this context, means the ability for a general government employee/contractor to access a government network remotely using authentication. The lowest-level government networks are UNCLASSIFIED, and because most government information on these networks is created for a specific government purpose and may not be appropriate for public release, government unclassified networks are designated as FOUO – FOR OFFICIAL USE ONLY. (Many agencies no longer use the FOUO designator, having updated to the CUI identifier: https://www.archives.gov/cui.)

FOUO is not a classification but a designation applied to unclassified information to identify material which may not be appropriate for public release.

http://www.dami.army.pentagon.mil/site/InfoSec/TP-FOUO.aspx

The information generated on “unclassified” government networks is commonly the “business information” side of agency work. The “business side” refers to those agency elements which are common to all agencies: Acquisition, Finance, Human Resources, Logistics, Security, and IT among others. The information work performed by each of these and their myriad internal subdivisions may include the composition of Briefings/Presentations or Action Items/Action Plans. It may include the reporting of Personnel Rosters or General Ledger/Budget reports or Budget Programming/Execution projections and reports or contingency planning documents and reports. It may include the composition of Statements of Work or Requests for Proposal or Independent Government Cost Estimates. It may include the creation of subordinate employee Evaluations and Awards. Subordinates may generate weekly or monthly or quarterly Accomplishments. Much, if not all, of this can be performed on government UNCLASSIFIED/FOUO networks.

Only when information specifically regarding the mission of the agency and the federal government is included in a government-generated information item does the item then assume the classification of the mission information. Unless by this means or otherwise deemed so, the item remains “unclassified” from birth.

Of interest, even UNCLASSIFIED/FOUO information generated on networks created for information of specific higher classifications requires a government “Trusted Agent” (trained and officially recognized) to move items down from the higher networks to the lower.

Security and good stewardship of government information prod agencies to make use of government-owned UNCLASSIFIED/FOUO web services rather than public Internet equivalents. However, accessing government UNCLASSIFIED/FOUO networks requires some level of authentication. Those granted authenticated connectivity gain access to resources behind the authentication wall. Without discussing specific government resources, at a minimum they include any remote connectivity resource used by all large commercial businesses and most SMBs: Email, some collaborative content management system (typically, SharePoint), some chat option, possibly VTC, and often government-owned services for videos, micro-blogging, and images which commercial businesses would simply leverage through third parties like YouTube, Twitter, or Flickr.

Agencies are discovering the impact remote connectivity, and often the lack of it, is having on individual agency work performance. The current model for government remote connectivity is for government employees/contractors to use their personally owned computer with a Common Access Card (CAC). At the moment, however, getting the workforce connected requires agencies to serve a multitude of IT variables that exist with employee/contractor hardware, such as OSs, browsers, CAC readers, etc.

Common Access Cards (CAC) are commonly issued to all government employees and contractors. As .gov and .mil and other government domains are reached in users’ browsers, the site requests the presence of a card reader and a CAC with an embedded chip. On the remote login attempt, authentication is requested and the user is required to enter personal credentials, created according to each agency’s established policies.

Once authenticated, users typically are presented with either a web-based interface with common web functionality or a virtual desktop session. Both have their advantages to be debated later.

With the progress of the modern web experience, a web-based solution, such as Intelink.gov, seems to be the solution that serves the largest number of the variables listed above. Most government employee/contractor personal computers, with very few exceptions, can get to a website regardless of the hardware or OS they use. The value added by the virtual desktop experiences through Citrix or VMware is often lost in the challenges posed by these layers as they interact with the different hardware and software variables described. The web-based solution is becoming the de facto standard, only limited by the virtual desktop’s ability to grant access to users’ personal files and remotely-served software.

With a common “ease of use” web-login eliminating the majority of “software” connectivity variables, the government is then left with controlling the hardware used to connect by its workforce.

It is realistic to consider that government agencies might someday soon create a new line item on their property inventories to include a standard-issue government laptop, tested and approved for UNCLASSIFIED/FOUO work, issued to every government employee, and added to agency IT lifecycles. Vendors would be responsible for ensuring contractors have the necessary hardware. The primary reason, however, for standardized hardware is for the virtual desktop experience. Standardized hardware allows for a consistent software image across the fleet of laptops, which will standardize troubleshooting when problems arise. Currently, agency help desks serving the larger remote agency communities must troubleshoot connectivity problems factoring in hardware types, all OSs, all browsers, all CAC readers, and more.

Agencies need to assess the true need of the agency standardized hardware expense against the low-cost, simpler web-based option which more easily accepts open hardware configurations.

If government-issued hardware is the route agencies take, though, it is hoped that, by then, the government will have discovered the power and use of the cloud and that any work done on a government “in-office” UNCLASSIFIED/FOUO desktop will be instantly available to the employee’s government-issued “remote-use” laptop. This is a key element of flexible “in office” to “remote” collaboration.

If agencies are struggling to connect, head to Intelink.gov. A larger portion of your workforce will be able to connect there…and it’s FOUO.

Contact Government Knowledge Management, LLC if you have any questions.
