in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Security: House Of Reps. Passing P2P Bill? Secure Federal File Sharing Act

A bill was introduced this week by Rep. Edolphus Towns (D-N.Y.), chairman of the House Oversight and Government Affairs Committee.  The bill, the Secure Federal File Sharing Act, is aimed at restricting the use of peer-to-peer (P2P) software by government employees and contractors. (If they could only do something similar for hard drive encryption software as well...I mean, the problem of lost and stolen laptops precedes P2P-related problems.)

Of course, the bill won't govern their private lives.  Rather, it's a ban on using P2P software on federal computers or computers used for federal government work.  Exceptions can be made if approved.

The bill is a response to the many P2P-related breaches the US government has been experiencing of late.  Earlier this year:

  • In January, President Obama's Marine One details were found in P2P networks.  Schematics for the helicopter had been leaked from a defense contractor.  In fact, due to the extremely sensitive nature of the breach, the government went into overdrive and found on which computer the leak originated

  • In July, documents pointing out the First Family's safe house were leaked.  Motorcade routes were found as well

  • In October, documents related to misconduct investigations were leaked.  It was all the more scandalous because the committee that conducts the investigation is very tightlipped about its activities

Is Banning P2P From Government Computers A Good Idea?

I would say so.  I know the issue is not entirely black and white, but in this particular world of grays, it definitely leans towards the darker side.  Yes, P2P is just a piece of technology, and there's nothing inherently "evil" about it--no more than a pencil, which can be used to produce art or used to draw the schematics of a dirty nuclear bomb.

However, consider the following:

  • Most government workers probably deal with stuff that shouldn't be made public.  Take the case of some paper pusher at the DMV.  Would you want to risk having his work exposed to the public?  Seeing how he or she probably deals with SSNs and addresses, I would personally say no.

    I'm all for open, transparent governments and whatnot, but I think the main idea is to make sure we can keep an eye on what the government is doing.  A transparent government is certainly not about anyone being able to see the nitty-gritty details; otherwise, any schmucks would be able to steal SSNs and other sensitive data to their hearts' content, as if it were their federally mandated right.

  • If we're talking about work computers, chances are most people are not scrutinizing their actions on it.  People tend to be more careful with their own property than with stuff given to them for "free," i.e., money is not leaving their pockets if stuff happens to it.  Work computers dovetail into this description admirably.

    If one allows P2P software to be installed on work computers...well, maybe people won't pay as much attention to the security settings.  They should.  But will they?  If history is any indication, the answer is no.

  • No one's looking for government files on P2P networks.  Compterworld.com notes that:
    Some groups, such as the Electronic Frontier Foundation (EFF), have said that a broad governmentwide restriction on P2P use would limit the government's ability to take advantage of potentially useful file-sharing tools such as BitTorrent.
    But, honestly, besides security professionals and potential terrorists, who's looking for government files on P2P networks?  No one.  They're busy downloading movies and music and games.  And, if they do need access to some government file...well, I'd recommend they visit the official government site.

    I mean, isn't one of the big dangers about the P2P world the fact that we don't know which files out there have been modified to carry trojans and other malware?  Why would anyone want to be searching for legitimate documents in such an environment?


Related Articles and Sites:
http://www.computerworld.com/s/article/9141099/Bill_would_restrict_P2P_use_on_government_networks_?source=rss_security
http://government.zdnet.com/?p=4387

 
<Previous Next>

Disk Encryption Software: City Of Alberta Loses One Laptop A Month

Data Security: 41% Of Employees Steal Corporate Data

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.