Resistance in some parts of the Federal government to the use of mobile communications hinders progress and a cultural shift is needed to embrace risk and adapt to emerging technologies to create a more secure and efficient work environment, said Mark Gorak, principal director for Resources & Analysis at the U.S. Department of Defense (DoD).
Speaking at ATARC’s Federal Mobility Summit on Sept. 19, Gorak said some parts of the Federal government – particularly DoD and intelligence agencies that handle classified subjects – have fostered a culture of resistance to mobility and open communication.
“We are in the midst of another period of revolutionary change with mobile communications, and that change is inevitable,” Gorak said. “Our government lags behind such change for a couple of reasons: complexity, perception of risk, and culture.”
He explained that under current policies, cell phones are not permitted in secure work environments – also known as Sensitive Compartmented Information Facilities (SCIFs). Today, there are SCIFs where individuals with hearing aids for Bluetooth-enabled devices, heart monitors, and glucose monitors must remove these devices.
This restriction stems from a culture among information security officers that often prioritizes “no” as the first response.
“We need to lead this time of change with visionaries who embrace risk and adopt this change. We must manage the ‘no’ culture to realize the potential for secure work,” Gorak said.
He further explained that mobility and open communication does not equate to unsecured communication. Transitioning away from a “no” culture in information security does not mean saying yes to everything. Instead, Gorak advocated for a shift toward a culture where officers assess the risks and then provide a yes with appropriate risk mitigation.
“Organizations must foster a culture where open communication is encouraged and security risk is addressed, mitigated, and accepted, but not necessarily eliminated. This involves a transparent decision making process, clear communication of policies and a commitment to ethical practices,” Gorak said.
In addition, he emphasized that agencies to be adaptive and resilient in ensuring secure operations.
“To ensure secure work, we must be adaptive and resilient, staying informed about emerging trends – from AI to zero trust principles to quantum-resistant cybersecurity. We must continuously update our skills and be open to new ways of thinking and working,” Gorak said. “Organizations must understand current technology, mitigate security risks, and invest in training and development programs to equip their workforce with the tools needed to thrive and adapt to change.”
Lastly, Gorak emphasized that creating a secure work environment that fosters a culture of open communication “is a collaborative responsibility.” It requires collaboration between employees, employers, policymakers, and technology providers to develop comprehensive strategies that address the multifaceted nature of secure mobility.
“By working together, we can develop comprehensive strategies that address the multifaceted nature of work security. This includes promoting [and] implementing robust cybersecurity protocols, and advancing policies that acknowledge and mitigate security risks,” Gorak said.
