In September 2016, the conclusions of a report by USA Today, produced by a committee of the US House of Representatives, summarised an investigation into last year’s attack on the US Office of Personnel Management which exposed the personal data of millions of public employees and citizens. The 231 page report suggested that to prevent cyber attacks, federal agencies of the United States should establish a system of ‘zero trust’. ‘Zero trust’ means that government employees are considered as an equally big security threat as any outside user. More specifically, all data traffic travelling over governmental agencies’ networks is considered as threat traffic until authorized by the IT team.
The article did not comment on the reaction of the government officials affected by this proposal, although one would guess it has not been hugely applauded…
It’s one thing to propose some of the actions included in the report. This included proposals such as paying competitive salaries in order to attract computer security experts, mechanisms to ensure security issues are reported efficiently, and modernizing federal computer networks to facilitate the encryption of sensitive information. However, it is something else for a politician to tell a public servant that they are about as deserving of trust from the government as a total stranger.
Some may argue that digital skills are something ‘modern’. With many government officials not being ‘digital natives’ they do not know very well how to behave online, so it is very easy for them to screw things up inadvertently. But still, federal agencies are surely more aware of this risk than they were a decade ago. They could have launched training programs aimed at enhancing the digital competence, particularly the digital behaviour, of their employees. Considering the situation, it seems they have not done it; or if they have done it, they have achieved very poor results.
The worst part is the impact that ‘zero trust’ can have on the mindset of government officials at work and, subsequently, on their performance.
The message reflects a way of thinking still present in the minds of many business leaders. Even if they don’t say it explicitly, they may be of the opinion ‘think the worst and you won’t be far from the truth’. This belief is terribly pernicious for an organization’s agility. To succeed in today’s volatile, complex, and uncertain world, organizations more than ever need the skills, imagination, relationships and passion of their people. And without a climate of trust this simply will not happen.
If an organization does not trust it’s people it will move much more slowly than its competitors. In an organization which lacks trust, everything needs to be supervised, resources go to monitoring systems instead of being applied to productive investments, and people don’t dare to experiment or connect to outsiders in order to sense what is going on in the organization’s environment.
American legislators and business leaders who propose a ‘zero trust’ environment forget that the feeling of being trusted encourages people to take risks, open up, share the bad news, and question things. All of these things are essential to innovation, learning, and making sense of a changing world.
Three years ago, Amy J.C. Cuddy, Matthew Kohut and John Neffinger supported this in an article titled “Connect, Then Lead”, published in the Harvard Business Review:
“In management settings, trust increases information sharing, openness, fluidity, and cooperation. If coworkers can be trusted to do the right thing and live up to their commitments, planning, coordination, and execution are much easier. Trust also facilitates the exchange and acceptance of ideas — it allows people to hear others’ message — and boosts the quantity and quality of the ideas that are produced within an organization”
In short, if an employer does not trust their employees, how can these employees be expected to give their best at work?
Link to Spanish version
Photo credit: pexels.com