Mar 30 2020

Feds Need to Keep Telework IT Running Smoothly to Maintain Continuity of Operations

Network capacity and cybersecurity are among the key considerations IT leaders need to manage when disaster strikes.

Federal agencies often need to maintain critical operations amid emergencies and natural disasters. Keeping users online, ready to work and secure are the cornerstones of any disaster recovery operation. Sometimes, only part of an agency is affected. In other cases, an entire agency may require its staff to work remotely if an office is closed or if transportation is cut off. 

When government offices are closed for any reason, agencies are faced with the task of maintaining telework solutions and cybersecurity for entire offices, resulting in mass amounts of federal employees working remotely.

The essential telework tools — thin clients, VPNs, online meeting platforms, instant messaging, tethering and VoIP — need to function smoothly and be secured. That is going to make the need for adequate network capacity more pressing than ever and is also raising critical questions about how to ensure those users do not compromise agencies’ IT security as they work remotely. 

Something IT leaders should also keep in mind as they scale up telework capabilities is that they should identify IT administrators who can take over their IT operations management if the executive management team is otherwise unavailable. 

Sean Torpey, former acting CIO of the Federal Aviation Administration has told FedTech that if, for example, the FAA headquarters in Washington, D.C., is damaged, Torpey will pass the baton to an IT leader at the FAA’s aeronautical center in Oklahoma City. Once Torpey reaches either of two backup office locations, he can retake control of the organization. “If I’m down, someone needs to lead the ship. We have people who will take over the responsibility in other areas of the country, so IT can still be running,” he says.

Agencies Need to Ensure They Have Adequate Network Capacity

It’s important to make sure that IT leaders have plans they can quickly implement to ensure continuity of operations. “We try to think about potential scenarios and run exercises to make sure people know what they are supposed to do in an emergency,” National Weather Service COO John Murphy has told FedTech. “So when a crisis happens, it’s more of a muscle memory thing, and they aren’t running around in a panic trying to find a plan off the shelf.”

As the General Services Administration notes, one of the most important IT considerations for telework is connectivity and ensuring that users have secure network access to a high-speed, broadband internet connection from an internet service provider. 

In today’s challenging times, it is already clear that the extraordinary volume of network traffic that is taking place as entire agencies shift to remote work is putting a strain on agency VPNs and other network resources. 

The Energy Department’s Office of Environmental Management has found the agency’s systems can’t handle all of its employees teleworking simultaneously, according to Melody Bell, associate deputy assistant secretary for resource management. “We are considering giving people flexible work hours, so not everybody is on the system at the same time,” Bell said during an ACT-IAC webinar on March 17. “Right now, we are having a critical challenge with bandwidth and everybody taxing the system at the same time, so we were just talking about having people adjust their hours and that we limit the number of people on the Citrix system at the same time.”

According to Nextgov, “the Transportation Department [earlier this month] sent out a memorandum to employees explaining that its VPN could handle only 20,000 concurrent users, while its virtual desktop infrastructure could accommodate an additional 1,200.” The department has 55,000 employees. However, the department later said it could support a totally remote workforce due to “interagency coordination and support from vendor partners.”

Federal CIO Suzette Kent says that her office has been in discussions with internet service providers and telecommunications companies about how they are can scale up to meet increased network demands. 

“We started preparing for this a few weeks ago. Agencies did individual assessments of their capacity and took actions then to size it,” Kent tells Federal News Network. “Right now, over the last week and into this week, we see those investments in modernization, like moving to the cloud and the scaling that comes with it, prove the value and give us the results we wanted to see. Agencies are able to go from volumes of a snow day in a region to much larger scale volumes across the country. We’ve done virtual private network testing, and vendors have been very responsive to scale up licenses and with technical tweaks that agencies needed.”

The bottom line is that if agencies’ networks are strained, they need to ensure that they can support the crush of users who are likely going to be working remotely for weeks to come. That means working directly with ISPs under contract to increase network capacity, upgrading VPNs, turning to cloud service providers to handle bursts of traffic and ensuring constant communication between network administrators and the wider staff. 

READ MORE: Find out how telework tools help agencies compete for and keep talented employees.

Cybersecurity Is Critical for Users Who Are Teleworking

The increased use of telework means that there are now more targets for malicious actors, especially if employees wind up using their mobile devices for internet hotspots or do not log into a VPN. 

Employees are also going to be more susceptible to phishing attacks and social engineering as hackers seek to emulate legitimate emails from users’ bosses that they might not normally get if they were working in the office. 

The Global Cyber Alliance advises that users avoid use of public Wi-Fi and use secured and encrypted private networks or mobile hotspots. Users should also take advantage of a protective Domain Name System service to block malicious websites.

IT leaders need to ensure staff are using strong passwords or, even better, multifactor authentication. Users also need to ensure the physical security of their devices and user a privacy screen if they are working in a public space. 

Mobile device management and endpoint security platforms can also help IT teams ensure mobile users’ devices are as secure and encrypted as possible. 

A March 22 Office of Management and Budget memo notes that agencies need to focus on updating VPN components, network infrastructure devices, and devices being used to enable remote work environments with the latest software patches and security configurations. Agency leaders need to also provide “guidance to employees about how to ensure proper information security and privacy controls are in place when working from alternate locations or home.” 

The National Institute of Standards and Technology also offers tips on how agencies can secure virtual meetings. Those include limiting the reuse of access codes; using one-time PINs for sensitive meetings; not allowing the meeting to begin until the host joins; using a dashboard to monitor attendees; avoid recording the meeting unless it is necessary; disable features such as chat and file sharing unless they are needed. 

Events can occur at any time that prevent workers from coming into the office. Through a combination of technology, collaboration, patience and support from trusted partners, agencies will get through any disruption while achieving their missions.

This article is part of FedTech’s CapITal blog series. Please join the discussion on Twitter by using the #FedIT hashtag.

CapITal blog logo

AlenaPaulus/Getty Images