Insights

The Future of Federal Cybersecurity: Balancing Security with Flexibility

In the wake of COVID, remote work has become a key retention strategy for many employers, with employees increasingly expecting flexibility. This is especially crucial for attracting and retaining top cybersecurity talent, where the federal government, already struggling with competition from the private sector, must offer remote work options to fill critical cyber roles. Fortunately, technological advances and federal cyber workforce initiatives, combined with practical tools described below, are allowing federal agencies to set the standard for a secure and flexible workplace.

Classified Work and Flexibility Can Work Together

The government might grapple with managing hybrid workforces and default to on-premises work only, particularly for cleared employees interacting with classified information. How do government agencies ensure that classified work is accomplished, while also giving employees the latitude to perform certain tasks in a hybrid work environment? Given the substantial investment—the time and energy of obtaining top level security clearances, acquiring training and upskilling—agencies need to retain these vital employees over the long haul. Here are a few ideas to help employees operate in this highly controlled environment.

Ensure Mutual Understanding and Awareness of Remote Work Basics

Trust is at the core of any successful hybrid or remote work arrangement. Managers and employees must establish a mutual understanding of how the telework agreement enables the employee to effectively carry out mission-critical activities. To foster this trust, managers and employees can cover several key aspects of remote work regarding classified work:

  • Ensure employees have a clear grasp of current security practices for remote work, including a thorough understanding of classification labels.
  • Discuss and agree upon how employees will allocate their time while working from home, specifying the tasks and projects they will focus on.
  • Determine the technology employees will use to perform their work securely, such as VPNs and desktop tools, and ensure they are proficient in using these tools.
  • Establish clear expectations regarding what employees will accomplish while working remotely, setting specific goals and deliverables.

Promote Task Stacking to Group Classified/Unclassified Work

Task stacking is a productivity strategy that involves grouping together tasks that can be performed in the same environment or require similar resources, allowing employees to optimize their time and effort. By strategically bundling administrative tasks that can be completed remotely and identifying mission-critical tasks that require a secure environment, organizations can promote a flexible work arrangement that enhances efficiency without compromising security.

Not All Work Requires a Classified Environment

Managers can help employees identify and understand which tasks must be performed in a highly secure environment, and which ones don’t. Many administrative tasks, such as status reporting, scheduling appointments, planning meetings, and responding to emails, do not necessarily require a highly secure environment. Even activities such as annual training and team-building exercises can be conducted remotely without negatively impacting their effectiveness.

Novel Approaches to Classified Coding

Some agencies have implemented innovative approaches to remote work, such as allowing employees to develop unclassified code remotely. Once the employees return to the office, they can then push the code into a classified environment, ensuring the security of sensitive information while still leveraging the benefits of remote work.

Investigate Job Sharing and Work Scheduling Options

To provide greater workforce flexibility and accommodate diverse employee needs, some agencies are exploring alternative work schedules and job-sharing arrangements. Managers can actively support and facilitate these discussions, providing guidance and resources as needed to help teams develop effective strategies for distributing workloads.

Alternatives to the Traditional Workday

Organizations may allow employees to work a compressed schedule, such as four 10-hour days, with the option to work remotely one day per week. This approach can help employees better balance their work and personal responsibilities while still ensuring that critical classified tasks are completed efficiently.

Working Smarter Collectively

Another avenue to consider is encouraging employees to collaborate with their colleagues in exploring ways to share work assignments. By fostering open communication and teamwork, employees can identify opportunities to divide tasks based on individual strengths, availability, and preferences. This not only promotes a more flexible work environment but also enhances cross-training and knowledge sharing among team members.

Leverage Technology and Zero-Trust Architecture

Agencies managing sensitive data must provide secure hardware and software to monitor and audit access. This involves implementing robust logging and monitoring systems that track employee access to confidential information and promptly detect any suspicious activity. These systems should be designed to alert IT security teams of potential breaches or unauthorized access attempts, allowing for swift action to mitigate risks.

Adding Layers of Security

In addition to monitoring, organizations should deploy remote wipe capabilities within their network infrastructure. This feature enables IT administrators to remotely erase data from lost or stolen devices, preventing sensitive information from falling into the wrong hands. Regular security updates and patch management are also crucial to maintaining the integrity of the organization’s software and systems.

The Premise and Promise of Zero-Trust

Faced with a federal mandate to adopt zero-trust security by September 2024, agencies are rapidly implementing zero-trust architecture. This approach operates on the principle of “never trust, always verify,” requiring strict identity verification for every user and device attempting to access resources, regardless of whether they are inside or outside the organization’s network perimeter.

This architecture is tailor-made for remote work, verifying every user and device trying to access resources, regardless of location. Its granular access control can also limit access to specific locations, ensuring employees working remotely are not connected to classified data, even if they meet multi-factor authentication and device security conditions.

Meet the Demand for Cyber Talent with Modern Workforce Flexibility

Not surprisingly, the move to zero-trust has further increased the government’s demand for cybersecurity talent, demand underscored by the Biden-Harris administration’s creation of the National Cyber Workforce and Education Strategy (NCWES). While NCWES seeks to develop cyber expertise nationally, a key tenet of the initiative is strengthening the federal cyber workforce.

To reduce barriers to hiring this sorely needed talent, government agencies can offer workplace flexibility, even in classified environments, by applying practical solutions, like those outlined here. These best practices enable employees who work in secure environments to work from home successfully and securely, while allowing the government to attract and retain key talent in a very competitive world.

Does Your Agency Struggle to Hire Cyber Talent?

Our human capital consulting services help you create an environment that attracts and retains cybersecurity professionals and meets your agency’s mission. Contact us to learn how we’ve helped organizations like yours unlock the potential of your workforce.

About the Authors

Michael Haynes

Michael is a results-oriented executive with over 25 years of management consulting, business readiness, organizational change management, talent management, business process design, and technology transformation experience. He leads our Digital Transformation team for the Air Force Research Lab.

Related Topics

Insights

Navigating Manufacturing’s Incremental Future: Key Findings for Industry Leaders

Manufacturing is no stranger to change. From the dawn of mechanization to today's data-driven automation, producers constantly adapt processes and business models. However, revolution tends...
Insights

Dear Employers: Want Gen Z to Work for You? Address Climate Change

By 2025, Gen Z will comprise 27% of the workforce and one third of the global population. Our own Isaac Parham, a Gen Z...
Insights

Strategic Planning in a Highly Uncertain World

Creating a strategy resilient to unpredictable events and constant change is possible. Scenario analysis is the key.