Agencies Need to Ensure They Have Adequate Network Capacity
It’s important to make sure that IT leaders have plans they can quickly implement to ensure continuity of operations. “We try to think about potential scenarios and run exercises to make sure people know what they are supposed to do in an emergency,” National Weather Service COO John Murphy has told FedTech. “So when a crisis happens, it’s more of a muscle memory thing, and they aren’t running around in a panic trying to find a plan off the shelf.”
As the General Services Administration notes, one of the most important IT considerations for telework is connectivity and ensuring that users have secure network access to a high-speed, broadband internet connection from an internet service provider.
In today’s challenging times, it is already clear that the extraordinary volume of network traffic that is taking place as entire agencies shift to remote work is putting a strain on agency VPNs and other network resources.
The Energy Department’s Office of Environmental Management has found the agency’s systems can’t handle all of its employees teleworking simultaneously, according to Melody Bell, associate deputy assistant secretary for resource management. “We are considering giving people flexible work hours, so not everybody is on the system at the same time,” Bell said during an ACT-IAC webinar on March 17. “Right now, we are having a critical challenge with bandwidth and everybody taxing the system at the same time, so we were just talking about having people adjust their hours and that we limit the number of people on the Citrix system at the same time.”
According to Nextgov, “the Transportation Department [earlier this month] sent out a memorandum to employees explaining that its VPN could handle only 20,000 concurrent users, while its virtual desktop infrastructure could accommodate an additional 1,200.” The department has 55,000 employees. However, the department later said it could support a totally remote workforce due to “interagency coordination and support from vendor partners.”
Federal CIO Suzette Kent says that her office has been in discussions with internet service providers and telecommunications companies about how they are can scale up to meet increased network demands.
“We started preparing for this a few weeks ago. Agencies did individual assessments of their capacity and took actions then to size it,” Kent tells Federal News Network. “Right now, over the last week and into this week, we see those investments in modernization, like moving to the cloud and the scaling that comes with it, prove the value and give us the results we wanted to see. Agencies are able to go from volumes of a snow day in a region to much larger scale volumes across the country. We’ve done virtual private network testing, and vendors have been very responsive to scale up licenses and with technical tweaks that agencies needed.”
The bottom line is that if agencies’ networks are strained, they need to ensure that they can support the crush of users who are likely going to be working remotely for weeks to come. That means working directly with ISPs under contract to increase network capacity, upgrading VPNs, turning to cloud service providers to handle bursts of traffic and ensuring constant communication between network administrators and the wider staff.
Cybersecurity Is Critical for Users Who Are Teleworking
The increased use of telework means that there are now more targets for malicious actors, especially if employees wind up using their mobile devices for internet hotspots or do not log into a VPN.
Employees are also going to be more susceptible to phishing attacks and social engineering as hackers seek to emulate legitimate emails from users’ bosses that they might not normally get if they were working in the office.
The Global Cyber Alliance advises that users avoid use of public Wi-Fi and use secured and encrypted private networks or mobile hotspots. Users should also take advantage of a protective Domain Name System service to block malicious websites.
IT leaders need to ensure staff are using strong passwords or, even better, multifactor authentication. Users also need to ensure the physical security of their devices and user a privacy screen if they are working in a public space.
Mobile device management and endpoint security platforms can also help IT teams ensure mobile users’ devices are as secure and encrypted as possible.
A March 22 Office of Management and Budget memo notes that agencies need to focus on updating VPN components, network infrastructure devices, and devices being used to enable remote work environments with the latest software patches and security configurations. Agency leaders need to also provide “guidance to employees about how to ensure proper information security and privacy controls are in place when working from alternate locations or home.”
The National Institute of Standards and Technology also offers tips on how agencies can secure virtual meetings. Those include limiting the reuse of access codes; using one-time PINs for sensitive meetings; not allowing the meeting to begin until the host joins; using a dashboard to monitor attendees; avoid recording the meeting unless it is necessary; disable features such as chat and file sharing unless they are needed.
Events can occur at any time that prevent workers from coming into the office. Through a combination of technology, collaboration, patience and support from trusted partners, agencies will get through any disruption while achieving their missions.