CIOs Create Online Federal Employee Directory

[InfoSec News <isn () C4I ORG>]

Fowarded by: "Thomas B. Baines" <tbaines () anl gov>

By Christopher J. Dorobek
Technology Reporter
cdorobek () planetgov com

Oct. 26, 2000 - Trying to find someone at a federal agency can be like
trying to find something good on television on a Saturday afternoon.
But now the Chief Information Officers Council is spearheading a
project to create an online directory of federal employees.

The Government Electronic Directory seeks to provide an online
governmentwide white pages of basic contact information for federal
employees--name, telephone number, email address and possibly title.

The directory offers a number of benefits, both in the near future as
well as in the long term, said Martin Smith, chairman of the directory
forum, a working group of the CIO Council's Enterprise
Interoperability and Emerging Information Technology Committee.

The directory will provide an immediate place for federal employees to
reach other federal employees, said Smith, who is director of
information services at the International Trade Commission. Within
government, there is a lot of work done by agency peers talking to one
another, he said. Right now that can be difficult.

The directory, however, also plays a role in electronic government
initiatives, he said, as agencies seek to provide better access to
their government.

Sign Here

The CIO Council is laying the groundwork for the long-term benefits of
such a directory, Smith said. The true benefits will come when
agencies authenticate electronic messages, or code emails so that
receivers can be sure that messages are really coming from who the
senders claim to be, officials said.

The directory will be a home for federal employee digital signatures,
said William Burr, an electronics engineer at the National Institute
of Standards and Technology and chairman of the technical working
group of the federal Public Key Infrastructure Steering Committee.
That will let a person send an authenticated message securely over the
Internet, he said.

The electronic directory was unveiled late last year without much
fanfare. The directory currently includes information from 20
agencies. The working group started with some of the largest agencies
first as well as those that were members of the working group.

Some agencies, however, are still deciding about whether they want to
participate, Smith said. Some federal employees have been concerned
about having their names publicly available. Other concerns have been
the potential invasion of privacy for federal employees and the
potential security risks that the directory could create.

"There were all kinds of concerns," he said. In fact, the working
group has spent much more time on those practical issues than on
creating the site technically, he said. Some agency representatives
said that employees were nervous and that it could become a
labor-management issue. The hope is that the use of the directory will
alleviate some of those concerns.

Hold the Spam

Furthermore, agencies individually decide whether to participate and
whether to include specific people's name in the directory. The issue
is especially important for law enforcement officers or deployed
military troops.

One of the concerns has been that employees would be flooded with
email messages or that the directory would trigger unsolicited email,
or spam. Those have not been a problem in the 11 months that the
directory has been online, Smith said.

Now that the directory is operational, the working group is focused on
getting more agencies involved.

The working group is collaborating with the Federal Public Key
Infrastructure Steering Committee, which is spearheading the use of
digital signatures for secure, authenticated messages. At some point,
a federal employee at one agency would be able to send an encrypted
message to an employee at another federal agency. The employee could
use the directory to find the receiver's digital certificate, coding
that acts as an electronic signature.

The group is also working to automate the process of getting names for
the directory, Smith said. Right now, the biggest task is getting the
agency directory together because many agencies do not have a
comprehensive, updated directory.

The creation of those agency directories itself can be an important
benefit, Smith said.



Thomas B. Baines, Senior Programs Manager
Decision & Information Sciences Division
Argonne National Laboratory
DIS900/MS11
9700 South Cass Avenue
Argonne, Illinois 60439
VOICE   (630) 252-5743
UFAX     (630) 252-6073

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".