The federal government is on a quest to provide high-quality agency data to the public through a variety of digital avenues. But standing in the path of agencies’ ability to provide government data “anytime, anywhere and on any device” are a number of potential roadblocks, according to a series of new reports from the Federal Chief Information Officers’ Council.
Chief among them is the need for stronger security and privacy policies, according to the council’s reports.
Last May, Federal CIO Steven VanRoekel launched the Digital Government Strategy to spur the government’s move to mobile technology.
The report identified three broad areas agency CIOs should examine before adopting new technology.
While mobile devices offer the promise of new and innovative capabilities, the development of programs and software to manage the deployment of such devivces — mobile-device management solutions — has lagged, the report noted.
Spotty network connectivity could also be a barrier for Web-based applications and virtualized desktop solutions, the report said, because they require a continous connection to function properly.
Agencies also told the council that a lack of comprehensive Bring Your Own Device (BYOD) policies would hinder further adoption of mobile technologies. Agencies told the council they’re hungry for general guidance on when and how employees should use their mobile devices in the line of work as well as more specific reimbursement policies for when employees use their own devices to conduct official business.
“There is a cost associated with the deployment of any new technology,” the report stated. “Exploratory or planning efforts should include a cost-benefit analysis to determine if the costs to acquire, operate and maintain the technology are outweighed by the benefits projected to be realized from the technology.”
But agencies said conducting these analyses are difficult because mobile-technology investments are often difficult to measure, and the mobile market is very dynamic.
“The rapidly changing maturity of the mobile marketplace and the relative immaturity of support-infrastructure products may drive up costs as agencies have to support an increasing number of devices and products,” the report stated.
Agencies also noted the lack of a governmentwide acquisition contract for mobile devices and data plans as a hindrance to wider adoption.
The biggest security barriers to wider mobile adoption are the lack of strong authentication and data-encryption methods, the report said, which calls into question the ability of agencies to use commercial mobile devices to store sensitive information.
Two-factor authentication remains difficult to realize on mobile devices, the report said. And with a diverse set of devices and operating systems, the problems compound.
“Currently, it is challenging to configure mobile devices to meet security requirements across multiple platforms and operating systems,” the report stated. “The lack of consistent configuration guidance for mobile devices and their rapid refresh cycle make it difficult to develop operating system hardening configurations for mobile devices.”
Privacy also a key concern
However, it isn’t only the government’s need to secure agency data that potentially hinders the development of mobile and digital initiatives. Agencies also must nail down ways to protect the personal information of citizens that take part in those projects.
“Federal agencies, as good data stewards, must adopt strong privacy, confidentiality and security safeguards to prevent the improper collection, use, retention or disclosure of personally identifiable information… when developing and delivering such digital services and programs,” the council’s second report stated.
Agencies should take a three-pronged approach to privacy controls, the report recommended:
PII Inventory. Agencies should ascertain what personally identifiable information — PII — will be “collected, maintained, used or disclosed.”
Privacy Impact Assessment (PIA). Agencies must conduct a review early in the development phase, detailing what privacy risks a program may entail and how information will be handled.
Privacy Notice. Federal agencies are already required to provide notice on the purpose and uses of personal information when collecting it from individuals. However, the digital realm brings into focus a whole host of new considerations.
“Over time, agencies, digital developers and data users may also create, discover or propose new and innovative ways to combine, share or otherwise leverage the power of the digital data and content collected or disseminated by their digital services or programs.” And, in such cases, agencies must consider whether they need to provide users with an updated privacy notice, the report stated.