Agencies Focus on Security, Network Bandwidth
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has given agencies additional cybersecurity tools to help IT leaders navigate increased usage of telework solutions.
Federal CIO Suzette Kent and her staff have been talking with internet service providers and telecommunications companies about how to ensure users have enough bandwidth and how networks can be made more secure.
“We started preparing for this a few weeks ago. Agencies did individual assessments of their capacity and took actions then to size it,” Kent tells Federal News Network. “Right now, over the last week and into this week, we see those investments in modernization, like moving to the cloud and the scaling that comes with it, prove the value and give us the results we wanted to see.”
Agencies have been able to scale from the traffic volumes they would typically experience on a snow day in a region “to much larger scale volumes across the country,” Kent says. “We’ve done virtual private network testing, and vendors have been very responsive to scale up licenses and with technical tweaks that agencies needed.”
How Agencies Can Defend Against Cyberattacks
CISA has also published a set of risk management proposals agencies can use to guard against increased cyberattacks.
Agencies have a responsibility to enhance their overall cybersecurity defenses for their networks and data, CISA notes. The agency recommends IT leaders do the following:
- Ensure VPNs and other remote access systems are fully patched
- Enhance system monitoring to receive early detection and alerts on abnormal activity
- Implement multifactor authentication for all users
- Ensure all hardware has properly configured firewalls as well as anti-malware and intrusion prevention software installed
- Test remote access solutions capacity or increase capacity
- Ensure continuity of operations plans or business continuity plans are up to date
- Increase awareness of IT support mechanisms for employees who work remotely
- Update incident response plans to consider workforce changes in a distributed environment
As CISA notes, individual users have responsibilities to practice good cyberhygiene too. They should avoid clicking on links in unsolicited emails and be wary of email attachments, CISA advises. Users should not reveal personal or financial information in emails and should not respond to email solicitations for such information.
IT staff and other government users should also review CISA’s tips on avoiding social engineering and phishing scams for more information on how to recognize and protect against phishing. The Federal Trade Commission also has a helpful blog post on scams related to COVID-19.