Telework tool: A DOD innovation goes wide
As legislation requiring agencies to move more aggressively to allow telework comes closer to passage, managers worry about security. A tool the Air Force developed could ease their minds.
Agencies could soon find themselves managing more teleworkers: The Senate passed a bill Sept. 30 setting a deadline for determining employees’ eligibility to telework.
Although the bill still has a few hurdles before it becomes law, its chances are good. Managers who are concerned about allowing secure access to employees who aren’t using agency-issued computers have a tool available already, courtesy of the Air Force Research Laboratory.
The Telework Improvements Act of 2010 (H.R. 1722), currently awaiting a House compromise after the Senate’s passage, would give agencies 180 days to determine the eligibility of all employees to telework, establish telework policies and include telework as part of continuity-of-operations plans.
COOP was a concern of the Air Force lab’s Defense Research and Engineering in 2009, when the H1N1 flu pandemic raised the possibility of employees having to work from home. The lab was looking for an inexpensive way to ensure endpoint security.
“The challenge is to enable telework for workers at home without buying them a computer,” said Richard Kutter, a senior electronics engineer at the lab.
The lab developed a bootable CD using Lightweight Portable Security, an inexpensive, easy-to-use tool that had been available in a public edition since 2008. LPS uses open-source software and works with most Windows, Mac and Linux computers to create a nonpersistent, trusted end node for secure browsing, cloud computing or network access.
The Defense Department Office of the Chief Information Officer approved LPS-Remote Access in December 2009 for COOP. More than 30 DOD organizations, with more than 58,000 employees, have adopted it since. A free public version, LPS-Public, has been downloaded more than 35,000 times.
LPS boots a Linux operating system from a live CD and installs nothing on the client computer, running only in RAM to bypass any local malware and leave no record of the session. Its footprint is small, taking up only 124M and requiring only a Pentium II or later processor and 384M of RAM.
Another version of LPS-Remote Access is being developed for the U.S. Cyber Command, recently established at Fort Meade, Md.