Focus on digital home working
Between July and October 2020, the Netherlands Court of Audit investigated what ICT tools the staff of Dutch ministries and High Councils of State were using, what they were being used for, what security risks they represented and how the organisations concerned communicated their policies.
Risks of digital home working in central government
Our investigation found that the way civil servants used collaborative ICT tools sometimes put information security at risk. Contrary to the rules, for instance, some civil servants shared confidential work-related information via WhatsApp. Furthermore, not all civil servants knew precisely what rules they had to follow or thought they were practical.
Why did we investigate digital home working in central government?
On 16 March 2020 the Dutch prime minister directly addressed the nation to inform it about a serious crisis. In the days before, many schools and universities, bars, restaurants and offices had closed their doors. Working from home, wherever possible, had suddenly become the norm. Overnight, nearly all the approximately 175,000 civil servants at the ministries and High Councils of State also had to work from home wherever possible: often very successfully. While the trains ran empty and the roads were abandoned, working from home took off. Civil servants collaborated and communicated by telephone, traditional network discs and email, and increasingly by means of video conferences, messaging apps and online collaborative platforms. Collaborative ICT tools are not new, but they were suddenly being used en masse and for a variety of new purposes. This raised many questions among the users. Are video calls via Zoom secure or not? What information may I share in an app? How can I use my personal laptop securely for work?
What methods did we use in our investigation?
We circulated an online questionnaire via the Ministry of Defence’s intranet, Rijksportaal, and the OnsCommunicatieRijk online community. The high response rate and the questionnaire’s wide circulation gave the findings more prominence in our report.
To gain further information, we held interviews with Chief Information Officers (CIOs), Chief Information Security Officers (CISOs) and the staff of CIO Offices and the Central Government CIO because they were well informed of their organisations’ use of collaborative ICT tools and the policies pertaining to their use. To determine whether the policies were being implemented consistently, we asked the ministries’ CIOs and CISOs what ICT tools ministers and state secretaries were using, what policies applied to them and how the policies were communicated to them. We used the interviews primarily to identify risks and opportunities. We also studied literature on the phenomenon of shadow IT and analysed the answers to the open questions in the questionnaire.
Current status
The investigation report was published on Monday 2 November 2020.