United States
General Services Administration
Interagency
Telework Issues Working Group
Subcommittee DRAFT Reports
United States
Office of Personnel Management
Title of Working Group Subcommittee Report: Telecommunications/Computers/and Other Equipment
FINAL VERSION
May 1, 2001 (Revised July 12, 2001 & July 27, 2001)
Scope of Report
This information technology (IT) report examines issues surrounding security, connectivity, use of government equipment in personal residence, and help desk support for teleworkers. The report is divided into four (4) sections:
Section I: Security;
Section II: Connectivity;
Section III: Use of Government Equipment in Personal Residence; and
Section IV: Technical and Help Desk Support.
Each section addresses questions posed by various entities within the Federal government. Detailed recommendations are included in each section of this IT report.
There are two major recommendations to be included in the Executive Summary. These recommendations encompass the substance of the specific recommendations from all four sections and are as follows:
1. Each agency's Chief Information Officer (CIO) should seek to effectively influence decisions that help their agency achieve congressionally mandated telecommuting goals. To this end, agency CIOs shall designate an individual(s) within their organization to address security, helpdesk/maintenance, budget, new technology, telecommunications issues, and to act as a liaison with internal agency telecommuting coordinators.
2. The General Services Administration (GSA) and the Office of Personnel Management (OPM) should establish a formal interagency workgroup comprised of key telecommuting stakeholders. For example, this group should include the agency CIO designees, referenced in our first recommendation, agency telecommuting coordinators, and National Institute of Standards and Technology, budget, and procurement representatives as appropriate. The mission of this interagency workgroup is to provide a mechanism for agencies to collaborate on strategies to increase telecommuting participation by elimination of technological barriers through policy and/or legislative changes and to keep abreast of the latest innovations in technology that can support congressionally mandated telecommuting goals.
Section I: Security
Agencies throughout the Federal government are concerned about the vulnerability of their internal systems when there is remote access to these systems. Some specific areas of concern are described in this section with useful resource information provided.
1. Are there Federal regulations or guidance that address security of electronic information?
The Computer Security Act of 1987, OMB Circular A-130 Appendix III, Security of Federal Automated Information Resources, and OMB Guidance on Implementing the Government Information Security Reform Act address issues of security throughout the government. The Chief Information Officers Council (CIO) also offers a list of laws, regulations, and procedures that can be found on its website, http://www.cio.gov/. OMB Circular A-130 requires that agencies establish security requirements, issue a policy on them, and designate a security officer for technology.
2. What are some practical approaches to solve the problem of inconsistencies within agencies and/or departments with respect to allowing employees to connect to local area networks from alternate worksites?
This is an issue that must be resolved by each agency in its own policy. The General Services Administration provides contracts for agencies to order various types of telecommunications services throughout the country (http://www.gsa.gov/MAA). Agencies should draw on available resources and share information with one another through organizations such as the Chief Information Officers Council and through the National Institute of Standards and Technology (http://www.nist.gov/), to achieve consistency.
3. How does an agency safeguard its internal computer network from hackers and/or viruses when they permit employees to access the network from home or travel? Can a government-wide protocol be established for access to non-classified information, especially as it relates to networks that have significant security controls/firewalls that act as barriers to regular telecommuting?
The National Institute of Standards and Technology (NIST) in the Department of Commerce has statutory responsibility for developing standards and guidelines to protect sensitive federal systems. In addition, NIST develops guidelines on technical (public key infrastructure, PBX security) and security management (security planning, use of tested products) topics. An example of additional materials among the bulletins and publications produced by NIST is a bulletin entitled "Security Issues for Telecommuting," January 1997. Agencies currently have considerable flexibility in deciding what system of protection they will use to avoid viruses and hacking. The CIO Council offers a brochure, "Federal Best Security Practices," that can be found on its website at http://BSP.cio.gov/. Equipment provided and configured by an agency for its telecommuters seems to be the best deterrent.
4. What would be the strategy for developing such a protocol?
Internet security research at NIST's Information Technology Laboratory focuses on developing and standardizing new technologies for privacy and authentication services on the Internet. ITL is attacking security concerns at several levels, from protocols for securing individual data packets to systems for managing global distribution of encryption keys and certificates. In addition, NIST has very recently completed a draft Special Publication, "Self-Assessment Guide for Information Technology Systems," which utilizes a questionnaire containing specific control objectives against which a system or group of interconnected systems can be tested and measured. See http://csrc.nist.gov/publications/drafts.html.
5. Is there currently a way to track official files/records to ensure that both hard copies and electronic files are adequately protected during transmission to and from the telework site?
The Department of Justice has written Legal Considerations in Designing and Implementing Electronic Processes, A Guide for Federal Agencies, November 2000. See http://www.cybercrime.gov/eprocess.htm
Recommendations on Security
Agencies want to know where they should go for information on security of technology, so the following is recommended:
- that GSA take a more aggressive role as liaison with all federal agencies to ensure that they are up-to-date and informed on the leaders in this area and organizations that make contributions to these subjects;
- that NIST be recognized as the leader on technology security as it relates to telecommuting, and that technology advances be shared by all agencies through NIST;
- that the CIO play a more active role in providing information to agencies through the Council members, e.g. its brochure on best practices; and
- that agencies dedicate financial resources to computer equipment specifically targeted for employees who are telecommuting.
Section II: Connectivity
The requirement to connect to the Internet and to main office electronic files is important in order to successfully telework. It is noted that "low-tech" solutions, such as the use of floppy disks to copy files in the office and take them to the alternative work site, may be sufficient in some cases, for unclassified, non-sensitive information. However, for the majority of cases, connectivity is an issue. The speed of the connection is important in many cases to maintain the same level of productivity. Digital Subscriber Line (DSL), cable modems, and analog dial-up lines are three methods to access the Internet and internal government systems. The General Services Administration has a number of contracts available to Federal agencies to solve the connectivity problems that an agency may face. Their website at http://www.gsa.gov/MAA contains additional information on what services are available in your area. Some specific issues and useful resource information are provided in this section.
1. What types of mechanisms are currently available to permit remote access by agency employees to internal government systems? What are the pros and cons of each mechanism identified (i.e., availability, compatibility, speed, and cost)?
Employees often need access to records, regulations, handbooks, manuals, and files normally maintained at the office site. Agencies that maintain this information in digital form can transmit it back and forth over telephone lines. If the information is available only in hardcopy form, facsimile machines can transmit and receive it. PCs will also receive faxes, but the associated software programs are less reliable than stand-alone fax machines.
Agencies may provide employees access to internal government systems (Local Area Networks (LANs)) through:
- a direct method (via telephone line directly to the agency's server using remote access software such as Citrix, or equivalent);
- indirectly (via telephone line to the employee's desktop computer using Citrix or other software such as LapLink or pcAnywhere, or equivalent);
- utilizing VPN (Virtual Private Network) which utilizes the Internet and cordons off part of a public network to create a private LAN (provides a secure tunnel from the desktop to the agency server through the Internet); or
- placing the agency mainframe on the Internet (for email only - not secure and no access to files or applications).
2. What factors can inhibit attempts to increase connectivity capacity that are outside of agency control? How can these issues be resolved?
General Concerns:
- Costs - many agencies comment that the costs associated with allowing employees to telecommute are perceived barriers - costs associated with securing telephone lines, hardware and software to permit access
- Security Concerns - some agencies express concern about the security of data and information flowing through telephone lines
- Availability - agencies note that their existing bandwidth is overtaxed and cannot accommodate additional access connections
Specific Issues Regarding Access Mechanisms:
- Remote access to server with Citrix type software
  - Costs associated with securing licenses for (1) Microsoft suite (or other software), (2) user license, and (3) access license (total licensing process could be as much as $2,000.00 per employee)
- Indirect access to server via employee's computer desktop with software such as LapLink or pcAnywhere
  - Security issues at remote location and at employee's usual workstation (computer must be left on while employee is connecting from remote site)
- Virtual Private Network (VPN)
  - Best security and least expensive of the options
- Placing the agency mainframe on the Internet
  - For email only - not secure and no access to files or applications
3. What is the difference between a regular residential phone line and a digital subscriber line (DSL)?
Digital Subscriber Line (DSL) service delivers high-speed data over standard phone lines. DSL ranks second to cable modems as the most popular residential high-speed Internet service. A DSL line operates as much as dozens of times faster than a dial-up connection. Downloading data over a DSL connection is anywhere from eight to 100 times faster than downloading with dial-up modems, depending on the level of DSL service a user selects.
For information purposes, the following is quoted from http://www.dsl.net/:
DSL (Digital Subscriber Line) technology supplies the necessary bandwidth for numerous applications, including high-speed access to the Internet, dedicated Internet connectivity, and videoconferencing. This digital broadband line directly connects your premises to the Internet, via the existing copper telephone lines.
There are many varieties of DSL technology (generally described with the term "xDSL").
DSL uses the current copper infrastructure to supply broadband service access to the Internet. This service requires specialized equipment at the DSL.net location and a DSL modem at the subscriber's location. DSL.net currently offers "SDSL" (symmetric DSL, or in other words, same speeds, both directions) for small- and medium-sized businesses.
DSL technologies allow for voice and data to coexist. DSL technology is a distance-sensitive service*.
*NOTE: DSL is a distance sensitive technology. DSL's high-frequency signals transmit at very high speeds, but they attenuate over longer distances. This means a business located within 12,000 feet (2.25 miles) of the CO can receive DSL speed at 1.5 Mbps, while a business at 36,000 feet (6.8 miles) from the same CO can only receive speeds at 144 Kbps.
Currently, with DSL Bonding technology, businesses can increase what would have been the maximum bandwidth associated with their distance from the CO. If your DSL equipment and your CO or ISP support DSL Bonding, your DSL lines can be aggregated to deliver 2 to 4 times the maximum bandwidth you normally qualify for.
SDSL (Symmetric Digital Subscriber Line) - This technology provides the same bandwidth in both directions, upstream and downstream. That means whether you're uploading or downloading information, you have the same high-quality performance. SDSL provides transmission speeds within a T1/E1 range, of up to 1.5 Mbps at a maximum range of 12,000 to 18,000 feet from a central office, over a single-pair copper wire. This option is ideal for small- and medium-sized businesses that have an equal need to download and upload data over the Internet.
Other varieties of digital subscriber lines include:
ADSL (Asymmetric Digital Subscriber Line) - This technology reports a downstream speed, but its upstream speed is a fraction of the downstream. Primarily used in residential applications and many providers do not guarantee its bandwidth levels.
RADSL (Rate Adaptive Digital Subscriber Line) - This technology automatically adjusts the access speed based upon the condition of the line.
IDSL (ISDN Digital Subscriber Line) - This technology is symmetrical, similar to SDSL, but operates at slower speeds and longer distances.
HDSL (High-Data-Rate Digital Subscriber Line) - This technology is symmetrical, but is mainly deployed for PBX over a T-1 line.
VDSL (Very-High-Rate Digital Subscriber Line) - This is a high-speed technology, but has a very limited range.
4. How is the service installed? DSL.net provides the following description to answer this question.
We interface with the local telephone company to order a new line. Once the line has been installed, we arrange for the inside wiring within the office location. We install the DSL modem and perform a 24-hour test to establish an error-free link. We assign IP numbers and provide configuration information to you or your IT vendor. Your IT personnel or vendor configures each workstation and your high-speed access to the Internet is now ready for use!
The growing popularity of DSL is clear. Research by the Yankee Group shows 300,000 residential DSL subscribers at the end of 1999 with a projected total of 900,000 subscribers by the end of 2000. That's up from virtually none in 1998 when the service was largely unavailable. DSL providers have been overwhelmed with requests for the service, which, they insist, is a central cause of the problems some subscribers are experiencing. "We just didn't expect that everyone . . . would want DSL," a spokesperson from Earthlink-Sprint said. (http://www.wired.com; DSL: Darn Stupid Line by Michelle Finley, January 21, 2000)
5. If an agency chooses to install a phone line in a private residence to enable an employee to telecommute, what issues do agency planners need to consider?
The requirement for a phone line, the initial cost, monthly costs, maintenance, repair, and return (e.g., employee retires or moves to another agency) need to be considered. Use of a phone line provided by the government would need to be managed just as any other equipment provided by the government to an employee to do their job. An agency might consider issuing the employee the use of a cell phone, if there is a work requirement for an additional phone line. An agency has the authority to install an additional phone line per 31 USC 1348, Sec.620 (PL 104-52), which states that an agency may pay for the installation of a phone line in "any private residence or private apartment of an employee who has been authorized to work at home...."
Recommendations for Connectivity
A requirement to connect to the Internet and to main office electronic files often is important in order to successfully telework. The speed of the connection is equally important. There are different types of connectivity currently available in different areas. DSL and cable modems are two such types of service. These services are expanding steadily to different geographical areas. Initially, a standard dial-up modem that connects teleworkers to their central office using PCAnywhere, Remote Access Software (RAS), CITRIX, or equivalent type software may be sufficient. Internet access via satellite is another option where the technology is still being developed. The research, determination of service availability, cost comparisons, cost, installation, and maintenance of a high-speed connection may ultimately lie with the individual agency working together with prospective teleworkers. It is our recommendation that:
- Each agency is encouraged to have a central point of contact within each of their regions to coordinate telecommunications needs for telecommuters with the General Services Administration (GSA). GSA regional contracts are possible sources for telecommunications services. (http://www.gsa.gov/maa)
Section III: Use of Government Equipment in Personal Residence
This section addresses areas of concern raised by agencies pertaining to the use of government equipment in personal residences (computers, printers, modems, desks, and chairs). Some specific issues and useful resource information are provided in this section.
1. What is the law or regulation that gives agencies the authority to provide surplus/excess equipment to teleworkers?
Agencies can provide surplus/excess equipment to teleworkers following the same internal procedures for distributing equipment for other government purposes. Specific legislation to encourage or discourage the use of government equipment for telecommuters does not exist.
2. What types of government-wide policies and/or guidance are currently available that relate to using government equipment in an alternate work location?
General government-wide policies relating to the use of government equipment at an alternate work site are non-existent. A number of agencies have addressed the use of government equipment in their individual telecommuting policies or have issued supplemental guidance for telecommuters in the form of computer equipment handbooks.
3. Does an agency have the authority to pay for private Internet services for an employee who telecommutes? If not, what other options are available to employees who routinely use the Internet as part of their official government duties?
Generally, agencies have the authority to pay for private Internet services. Statutory prohibitions on payment for an Internet service provider, DSL service, and/or cable modem services do not exist, as long as these expenditures are necessary to perform the work. Comptroller General Decisions B-2260665 and B-225159 authorize payment in situations where the service is necessary to carry out an authorized function and adequate safeguards against misuse are utilized.
4. In some agencies computer systems are monitored to help identify and deter misuse. How can this be accomplished when the computer is located in the employee's residence? What right does the employee have to privacy in this type of situation?
The same agency policies for monitoring government issued equipment should apply to equipment used at a personal residence. The agency would have to develop the appropriate monitoring scheme to address this concern. The same workplace policies covering personal use of government equipment should apply whether the equipment is used at home or at work.
5. To what extent may employees use agency-supplied equipment located in their private residence to conduct personal activities?
Use of agency-supplied equipment located in private residences to conduct personal activities should be based on the individual agency's policies. Individual agency policies on "personal use" may or may not extend to private residences.
6. To what extent could a protocol be established to address the issue of inconsistent application of existing flexibilities by federal agencies? What, if any, prohibitions exist against allowing employees to use their personal equipment (i.e., phone lines, computers, printers, fax machine, etc.) in conducting official government business?
It is not practical to issue a government-wide protocol to address the inconsistent application of existing flexibilities by federal agencies, since agencies' computer security and equipment requirements are unique. Prohibitions against using personal equipment to conduct official government business do not exist. A number of agency policies clearly state that repair costs are the employee's and not the agency's responsibility.
7. If an employee chooses to use his/her personal equipment to conduct government business, does the agency incur any financial or security liability for condoning this practice?
Agencies do not incur a liability if the employee chooses to use his/her own personal equipment to conduct government business, provided their policies clearly identify the employee's obligation for repairing and maintaining personal equipment.
Recommendations for Use of Government Equipment in Personal Residence
OPM and GSA should request agencies establish cross-programmatic groups (comprised of personnel and technology specialists) to study and address their computer equipment needs, infrastructure changes, and "computer barriers" to support the telecommuting legislation.
In order to resolve the concern expressed regarding inconsistent application of government flexibilities in computer equipment usage, GSA/CIO council should develop a compendium of the different types of approaches employed by agencies. This summary should identify: the type of approach used by an agency, an agency specific point of contact, and be publicized on OPM's telecommuting website.
Recommend the CIO council designate working groups to further research and address these computer/equipment issues on an on-going basis. Results of these work group findings should be published on OPM's telecommuting website.
Section IV: Technical and Help Desk Support
This section of the report addresses areas of concern raised by agencies pertaining to the availability and consistency of help desk/technical support for teleworkers. This issue involves using government equipment (i.e., computers, printers, modems and related software), or personal equipment to perform official government duties, while telecommuting from an alternate location other than the traditional work site.
1. Will the agency Help Desk support teleworkers at their alternative work sites?
Some agencies have a lack of resources to effectively support individuals who are home-based telecommuters. They have noted deficiencies in infrastructure-related areas such as telephone system capacity and computer hardware and software as well as a lack of technical personnel to perform help desk services. Funding to hire additional technical staff or procure these services is limited. Further, in a tight labor market it is increasingly difficult to recruit and retain talented help desk staff.
2. How and to what extent is the lack of Help Desk support for teleworkers a barrier to effective teleworking?
The degree to which these resource restrictions create a barrier to telecommuting varies among organizations. However, organizations have articulated that adequate funding is essential to expand and sustain technical support/help desk services for large-scale increases in telecommuting. Additionally, comments from various agencies suggest that policies that are used to administer help desk services are silent or lack clarity regarding employee flexibilities to obtain assistance while telecommuting.
It is recognized that many agencies choose to contract for a portion or all help desk/technical support activities. The policies that govern these services relate directly to the deliverables and/or requirements that are expected of the contractor. Even government employees who perform help desk/technical support activities are often unclear regarding their responsibilities related to support of individuals who telecommute. This issue becomes even more complex when the telecommuter is using his or her own personal equipment to conduct official duties.
Recommendations for Technical and Help Desk Support
OPM and GSA should request agencies to review existing information technology (IT) help desk/technical support policies and practices and recommend that a section be included that addresses telecommuting arrangements. Likewise, telecommuting policies should reference, or link to, relevant sources of help desk policy and information. Telecommuting will continue to increase as technology and workforce dynamics change; therefore, this approach presents an opportunity to develop a strategy to support a virtual workplace comprised of employees who may be geographically dispersed.
Next, agencies should explore the feasibility of sponsoring a conference in collaboration with the federal Chief Information Officers Council (CIO) that would focus on IT solutions to support telecommuting, including help desk support issues. Participating IT managers should share copies of their policies, particularly those that have already been revised, implemented, and shown to be successful in supporting telecommuters. Such a conference would provide an opportunity for the IT community to discuss other issues relevant to the technical support of telecommuting. Discussions should include how to address budgetary concerns regarding purchase or upgrade of equipment to improve efficiency for those that work at home or other remote locations. Methods for examining practical ways to fix problems with hardware or software that cannot be solved on-line or by phone can be discussed. The viability of emerging technology to improve connectivity and speed, as well as security concerns, could be part of the conference.