Proposed legislation would prohibit use of P2P software like BitTorrent or Limewire on government computers and set policies for employees and contractors.
Following a leaked document that disclosed ethics investigations of members of Congress on a file sharing network, the chairman of the House Oversight and Government Affairs Committee has introduced a bill that would ban the use of public peer-to-peer networks by federal employees.
The Secure Federal File Sharing Act, introduced by Rep. Edolphus Towns, D-N.Y., would require the Office of Management and Budget to prohibit the use of P2P software like BitTorrent or Limewire on government computers and networks and to set policies on home use by federal employees who telework or remotely access government networks.
P2P programs are a popular way to share music, movies, and other digital content. Part of the problem is that, when not properly configured, they can also expose personal documents stored on PCs and laptops, making the documents widely available to anyone on the P2P network. (See "Your Data And The P2P Peril.")
Under the bill, in order to use file-sharing networks, an agency head or CIO would have to make a special request to use P2P software. The bill would ban software that accesses P2P networks in which "access is granted freely, without limitation or restriction, or there are little or no security measures in place."
Agencies will have to establish P2P use policies, require that employees and contractors comply with them, and create security mechanisms to detect and remove prohibited software. OMB will be required to inventory P2P use in government and justify every use to Congress.
The possibility of a bill banning federal government use of public P2P networks has been building. The House last year passed a bill that would have required agencies to set security policies around P2P use, but the bill was never passed by the Senate. Towns first called for a ban this summer, after P2P monitoring company Tiversa testified that it discovered the location of a Secret Service safe house for the First Family on Limewire.
In October, Tiversa provided the House Oversight and Government Reform committee with evidence that secret military documents on P2P networks had been downloaded in China and Pakistan and that personally identifiable information on U.S. soldiers was widely available. Earlier this year, Tiversa discovered the electronic schematics of Marine One, the President's helicopter, on computers in Iran, after being leaked over P2P by a defense contractor. Tiversa and others testified to similar findings, including leaks of classified and secret data, in a hearing in 2007.
The risks of file sharing over P2P resurfaced last month when a source provided the Washington Post with a confidential House ethics committee report that had been exposed on a P2P network by a staffer who has since been fired. Late last month, Speaker Nancy Pelosi, D-Calif., and House Minority Leader John Boehner, R-Ohio, ordered a review on Congressional storage of confidential data.
"We can no longer ignore the threat to sensitive government information that insecure peer-to-peer networks pose," Towns said in a statement. "Voluntary self-regulations have failed, so now is the time for Congress to act."
Even before the ethics committee leak, use of P2P software was banned on Congressional computers, but the leak was apparently inadvertent and came from the ex-staffer's home computer, according to reports. "No matter how robust our cybersecurity systems are, they remain subject to individual error," the House Committee on Standards of Official Conduct said in a statement last month.
Unified computing platforms promise to consolidate everything and anything into a single chassis. Find out about that and more in Network Computing's second all-digital issue. Download the issue here (registration required).
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.