IT Pros May Face Background Checks
White House backs measures that include the screening of private-sector employees
Computerworld - Washington
The Bush administration plans to convene a panel of government and private-sector labor and legal experts to develop guidelines for subjecting tens of thousands of corporate IT and other employees to background investigations.
The panel, as described in the president's "National Strategy for Homeland Security" report, released July 16, would be convened jointly by the secretary of Homeland Security and the attorney general following the establishment of a cabinet-level Department of Homeland Security. It would examine whether current employer liability statutes and privacy concerns would hinder "necessary background checks for personnel with access to critical infrastructure facilities or systems."
That means employees in industries that include banking, chemicals, energy, transportation, telecommunications, shipping and public health would be subject to background investigations as a condition of employment.
"Personnel with privileged access to critical infrastructure, particularly [IT-based] control systems, may serve as terrorist surrogates by providing information on vulnerabilities, operating characteristics and protective measures," the Bush report states.
Some IT professionals see the plan as both an infringement on civil liberties and a recipe for destroying innovation and economic prosperity.
Jonathan Blitt, president of ITT Industries Inc.'s Network Systems & Services division in New York, said expanding background investigations would do more harm than good.
"I [have] great concern with any effort to expand the size of government intervention in commercial operations. The people you most want on your side are the people that may seem least desirable to a panel of so-called experts," Blitt said, referring to the community of programmers and ethical hackers who often live on what he referred to as the "fringe" of society.
"This pandering to the masses should stop, and professional reason should start. This plan could put shackles on an industry that is critical to the growth of our country."
Others see no problem with the requirement for background investigations. Eric Johansen, a systems analyst at ReliaStar Life Insurance Co. in Minneapolis, is one of those.
"Yes, there is added cost, but companies should be doing this anyway as part of standard hiring procedures," Johansen said. "A position like systems analyst [or] network administrator requires access to extremely sensitive data and control of many business-critical tasks. It would be ridiculous not to screen employees. Companies should not need President Bush's push in order for this to happen."
Indeed, background investigations are already conducted by many companies that have sensitive or critical positions that are vulnerable to terrorist infiltration, such as airport baggage screeners and air marshals, said Ed Badolato, president of Washington-based Contingency Management Services Inc. Investigations are necessary because they "provide a baseline for preventing known criminals and potential terrorists from working in vulnerable areas," said Badolato, who oversaw some of the government's most stringent and expensive background investigations when he served as deputy assistant secretary for energy emergencies at the Department of Energy.
- Top 12 Laptop Bags for Mobile Pros
- Think Deleted Text Messages Are Gone Forever? Think Again
- 7 New Faces of the C-suite
- 5 Ways CIOs Can Rationalize Application Portfolios
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts