How Telework Made These Federal Agencies More Secure
Many federal agencies scrambled to adjust their cybersecurity strategies while shifting to remote work in March at the beginning of the coronavirus pandemic. But some federal agencies, like the Defense Logistics Agency (DLA) and Defense Contract Audit Agency, found telework helped them improve their cybersecurity posture.
Linus Baker, cybersecurity director for the DLA, said the agency reduced its cyber attack surface by half since the beginning of the pandemic.
“From a cybersecurity perspective, I want to stress our virtual desktop infrastructure,” he said. “More than half of our users are on user-managed devices. Those are never seated on our network, they’re not endpoints that provide an attack vector for an adversary, so by that perspective, we’ve lessened our attack surface by more than half. We gained a benefit there, and an efficiency perspective in executing the agency’s mission.”
Baker said DLA already had a reliable telework strategy in place before the pandemic, which streamlined the mass shift in March.
“Most of the challenges we’ve faced have been mostly administrative, with users who unfortunately weren’t or aren’t able to telework,” he said at a FedInsider webinar last week. “We had some issues with user accounts because of the timeframe for logging in. But significant challenges? I would say no because we were poised for this given our large telework presence. In many ways DLA was ahead of the game.”
Anita Bales, director of the DCAA, said the agency was also “well positioned” for the shift to 100% telework because 30% of the agency’s employees already teleworked before the pandemic.
DCAA initially struggled to ensure its remote employees had enough bandwidth, but DOD helped sort that out relatively quickly, Bales said.
The DCAA also didn’t face any major cybersecurity challenges when shifting to telework, largely because it was already familiar with typical telework challenges like ensuring VPN security.
“With our VPNs, we made sure before we went into all of this we had all our security patches up to date and deployed a new patch right when we were going out,” she said during the webinar. “We would shut one [VPN] down and operate off of the other until we had all the patches in place.”
Telework strategies aside, Bales said employees’ good cyber hygiene is fundamental to any organization’s cybersecurity strategy, especially while working remotely.
“Make sure you’re not opening emails you’re not familiar with,” she said. “Remember you are a DOD employee using your government computer — make sure you don’t use anything outside of our VPNs. Bad actors know we’re in a virtual environment, and they’re going to try to take advantage of that.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
DOD Has a New Cyber Resiliency Assessment Program
Defense officials tout the continuous assessment feature and scalability of the new program amid increased cyber threats.
5m read -
Transitioning Systems for Modern Agency Missions
IT modernization is a constant process necessary for improving customer service, mission delivery and collaboration.
40m watch -
Cyber Resilience and Recovery Amid Evolving Cyber Threats
Data durability is a key aspect of NIST’s cybersecurity framework for public and private organizations.
21m listen -
How Tech Enables Environmental Justice at EPA
The agency wants to eliminate bias and establish new tech standards to reduce greenhouse gas emissions.
39m listen