ISSX Internet Security Systems

Kurtz: Crisis Planning Offers Opportunity to 'Change the Way Government Does Business' ARLINGTON, Va., May 11 /PRNewswire/ -- Cyber Security Industry Alliance (CSIA) Executive Director Paul Kurtz testified before the House Government Reform Committee today that the federal workforce lags far behind the private sector in its ability to work offsite in response to a large-scale crisis such as pandemic influenza. Noting that Committee Chairman Tom Davis (R-VA) has previously called for federal agencies to be able to 'decentralize' their critical functions in an emergency, Kurtz said, "I wish I could say that this goal had been met. It is true that many agencies have made strides within their own internal operations and continuity of operations planning. But they have a long way to go before they are ready to work together in a crisis like an outbreak of avian flu. Most agencies' contingency plans are designed for a maximum downtime of two or three days; a flu pandemic could last as long as 18 months. We simply don't have the workforce distribution capability or the Internet infrastructure that we need today." Kurtz urged that the federal government invest in the capability to distribute its workforce, enabling employees to function offsite under normal as well as adverse conditions -- not only at home, under the traditional definition of telework, but from anywhere, at any time. "As frightening as a flu pandemic might be, it also provides us with the opportunity, and the impetus, to change the way the government does business by breaking down structural barriers to reform like budget rules, statutory limitations and management inertia. The result will be a more agile, efficient workforce. Right now there is little incentive for agency leadership to adopt telework, because any savings they achieve are simply returned to the Federal treasury. We need to change that, to allow agencies to 'win' by participating and deploying teleworking systems, and not be punished for their success." "A distributed workforce would also require changes in the ways that managers interact and evaluate employees," Kurtz added. "Many supervisors insist on having 'eyes on' employees, and as we all know, change is hard. But there are technologies available today that help with the management of telecommuters, and the private sector has proven that they work and do so with a high level of security." "A distributed workforce helps in 'all hazards' -- a terrorist attack, a natural disaster, or an accident," Kurtz said. "Building one will take time and effort, but will pay significant, recurring long-term dividends well beyond just crisis management." As an example, he cited aggressive action by the financial sector to disperse critical physical facilities outside of lower Manhattan in the wake of the attacks of Sept. 11. "Now they've gone a step further," Kurtz said, "so that their workers can work any time, anywhere. There are also other widely recognized benefits to workforce distribution: higher productivity, reduced traffic congestion and gas consumption, a cleaner environment, greater personal flexibility, and a higher quality of life." However, he noted one significant caveat. "The burden on the information infrastructure also requires attention. Little empirical evaluation is available on the ability of the Internet infrastructure to support the traffic created when large numbers of employees suddenly attempt to log on during the onset of a crisis. The private sector owns and operates the vast majority of the critical information infrastructure, but in an emergency the government must play a leading role in coordinating its continued operation during a national emergency." Kurtz recommended that the White House Office of Management and Budget, in coordination with the Homeland Security Council, should convene a task force to aggressively expand telework. "The Federal government's efforts should not be limited to enabling 'essential personnel,' he said. "Agencies should be far more aggressive seeking to encompass as many employees as possible. The Federal government should at the very least seek to match the private sector's capabilities, even if it takes a crash program to do it." Kurtz also recommended that the President's National Security and Telecommunications Advisory Committee and National Infrastructure Advisory Council undertake an immediate review of the burden that a flu pandemic would have on the information infrastructure. "Plans for a 'surge' capability in the opening phase of a pandemic should be assembled and ready to activate," he said. "Preparing for a long-term pandemic influenza means the federal government must ensure employees can provide essential services for an extended period of time in a distributed and resilient manner. And doing so requires an information technology infrastructure robust enough to handle the job," Kurtz concluded. "Ultimately, Congress should ask the hard questions, and use both the carrots and the sticks necessary, to make it all happen." Kurtz's full testimony is available at http://www.csialliance.org/. About the Cyber Security Industry Alliance The Cyber Security Industry Alliance is the only advocacy group dedicated exclusively to ensuring the privacy, reliability and integrity of information systems through public policy, technology, education and awareness. Led by CEOs from the world's top security providers, CSIA believes a comprehensive approach to information system security is vital to the stability of the global economy. Visit our web site at http://www.csialliance.org/. Members of the CSIA include Application Security, Inc.; CA, Inc. (NYSE:CA); Citadel Security Software Inc. (NASDAQ:CDSS); Citrix Systems, Inc. (NASDAQ:CTXS); Entrust, Inc. (NASDAQ:ENTU); Fortinet, Inc.; Internet Security Systems Inc. (NASDAQ:ISSX); iPass Inc. (NASDAQ:IPAS); Juniper Networks, Inc. (NASDAQ:JNPR); McAfee, Inc. (NYSE:MFE); Mirage Networks; PGP Corporation; Qualys, Inc.; RSA Security Inc. (NASDAQ:RSAS); Secure Computing Corporation (NASDAQ:SCUR); Surety, Inc.; SurfControl Plc (LONDON: SRF) ; Symantec Corporation (NASDAQ:SYMC); TechGuard Security, LLC; Visa International and Vontu, Inc. DATASOURCE: Cyber Security Industry Alliance CONTACT: Scot Montrey, Communications Director of CSIA, +1-703-894-3022, Web site: http://www.csialliance.org/

Copyright