As Federal agencies increasingly move to telework due to the COVID-19 pandemic, Federal IT leaders across the government agreed that communication is a key building block for successful teleworking. The panelists specifically zeroed in on the importance of maintaining a strong cybersecurity posture even as employees begin to conduct work on their own network and potentially expose the agency to more cyberattacks.
At today’s AFFIRM webinar, Beth Cappello, acting CIO for the Department of Homeland Security (DHS), said she is “cautiously optimistic” at how well DHS’ workforce has been able to adjust to teleworking. That optimism comes from how well DHS has been able to communicate with its employees – both the IT staff and non-IT that are now teleworking.
Part of that communication, Cappello said, started before COVID-19 began dominating the nation’s attention. She said cyber hygiene policies are reinforced frequently. Considering the current health crisis, she said DHS did “beef up” tips, tricks, and FAQs available for employees.
On top of communication, DHS has worked to ensure the strength of its telework infrastructure was even before it was needed. “In our telework agreements, we regularly ask people to exercise their telework capabilities, so we know [the telework tools] are working,” she explained. Thanks to training, frequent communication, and testing, Cappello said DHS “hasn’t seen a significant spike in help desk calls” since the workforce began teleworking.
Dan Chandler, CISO for the Office of Management and Budget (OMB), agreed that OMB testing its telework infrastructure before it was needed has proved beneficial. “Most of our staff is used to sporadically working from home.” With that behavior already in place, OMB has been able to work on scaling its infrastructure to make sure that if there was ever a day when everyone needed to work from home – like OMB is currently experiencing – its infrastructure was ready to handle that.
When it comes to maintaining cybersecurity during the COVID-19 crisis, Chandler again stressed the importance of communication. When employees are struggling with a task, Chandler said it’s important that they reach out to his team for IT help, and that they “don’t try to solve [IT] problems on [their] own.” His team is stressing to OMB employees that they should “reach out to us to find solutions that will protect you, the agency, and the administration.” He said it is about “fostering the relationship of trust” and making sure OMB employees know that his team isn’t “the culture of no,” but instead “the culture of helping you do your job more effectively.”
Building off the idea of cybersecurity training, Chandler said that agencies need to making training more interesting. “If the majority of cybersecurity incidents are being caused by people, that means they can be prevented by people,” he said. But current trainings are boring, and people dread doing them. With that in mind, Chandler’s team at OMB is reaching out to cybersecurity training vendors and asking them to integrate content that is more fun and entertaining. He said some vendors are bringing in comedians or creating trainings that look more like sitcoms and less like PowerPoints.
While many Federal agencies have already had teleworking capabilities in place well before the current crisis, Lynne Clark, deputy chief of the Center for Education Outreach and Innovation, National Cryptologic School and program office manager, NSA/DHS National Centers of Academic Excellence in Cybersecurity National Security Agency, doesn’t have that benefit.
Given the nature of their work, “teleworking is a little harder for us,” she explained. “We really aren’t in a position to do most of our jobs from home.” With that in mind, her agency is focusing on making sure employees understand the threat and that “all it takes is one user to the wrong thing and the best-laid plans go awry.” The agency is focusing on “communication and keeping everyone informed,” as well as reinforcing cybersecurity best practices regularly – “you can’t just do it once a year.” However, given the struggles her agency faces with teleworking, Clark said: “the biggest thing is to keep people calm and to keep people focused on doing as much of their job as they can, and accept that some things won’t be able to get done.”