Federal employee groups and at least one prominent lawmaker are criticizing a recent computer security test conducted by the Justice Department to gauge employees' susceptibility to Internet scams.
Sen. Daniel Akaka, D-Hawaii, had his staff look into the incident, which involved a phony e-mail asking Bureau of Prisons employees to submit their personal information so they could receive a financial bailout to replenish losses in their federal retirement accounts.
"I am concerned that the Department of Justice did not coordinate with other agencies when launching this exercise, but I am pleased that the Federal Retirement Thrift Investment Board took swift action to deal with the possible phishing scheme," said Akaka, chairman of the Senate Homeland Security and Governmental Affairs Federal Workforce Subcommittee. "We have been in contact with Justice about this incident, and they recognize the need for better coordination in the future."
In January, Justice sent an e-mail to employees at the Bureau of Prisons advising them that they might be eligible for a government bailout if they had suffered substantial losses to their Thrift Savings Plan accounts. The department did not inform the Federal Retirement Thrift Investment Board that they were conducting a security test, and the board responded to the e-mail as if it were a genuine threat.
Vance Hitch, Justice's chief information officer, told Government Executive in an interview that it was a mistake not to inform the Thrift Board, and that the board will be alerted to any tests in the future.
Bryan Lowry, president of the American Federation of Government Employees' Council of Prison Locals called the test "an insensitive act, providing a false sense of hope to its employees that offered to allow these employees the ability to bailout their voluntary contributions in a time when these employees have lost tens of thousands of dollars in the ailing market." He also said that he hoped Justice would consider better cybersecurity training, rather than playing on employees' fears about their retirement funds.
Colleen Kelley, president of the National Treasury Employees Union, said her organization would be happy to work with agencies to design appropriate employee training on Internet security.
Benjamin Toyama, western area federal vice president for the International Federation of Professional and Technical Engineers, said he was concerned about the costs imposed on the Thrift Board. He also criticized Justice for taking an unfavorable view of their employees by staging such a test in the first place.
"The DoJ testing the intellect of their own employees is despicable; don't they think they hired smart people?" he asked. "Why are they wasting time to do something like this when we are faced with many phishing scams almost daily? Don't they have anything better to do? If this is a security test of their own employees, they should fire their security manager for being unimaginative and shallow."