The Pivot to Mass Remote Work: DIA Was ‘Out of Our Comfort Zone’

FEDTECH: What IT situations arose that you did not expect? How did you handle them?

Gumtow: Like most of the intelligence community and sister components within the Department of Defense, the DIA spends a vast majority of its time working within a classified environment. For many reasons, most of our day-to-day efforts are spent on the “high side” — the Joint Worldwide Intelligence Communications System. JWICS allows agency personnel to work within a secure environment effectively across time zones. It also provides the greatest depth of knowledge for a given problem set and associated data. JWICS has become the foundational underpinning of DIA’s IT environment. The reality, as it has turned out, is that many of our day-to-day tasks and conversations can truly be conducted on unclassified systems — the low side — within a telework environment.

All this to say, suddenly having a huge portion of our workforce and day-to-day tasks pushed to an unclassified environment created surprises that we had to quickly address. We first prioritized what was most important and then began developing and implementing our capabilities. This required a lot of troubleshooting as issues arose from having so many personnel using our unclassified environment in a fashion that it wasn’t originally designed to accommodate. For instance, the seemingly basic process of maintaining up-to-date email distribution lists was not in place on our unclassified systems. As a result, there was some very tangible time dedicated to mirroring our high-side groups between the high side and the low side just so people could communicate.

Then came another unexpected IT dilemma: realizing that not everyone could access their unclassified official email accounts properly from home. There were a variety of reasons that curtailed the use of official email from home, such as a limited number of computers available at home (as computers were being shared full time with children for online learning and partners who are also teleworking); lack of access to a Common Access Card reader that allows two-factor authentication into email; issues with individual CAC credentials; limitations on network capacity (either at home or on our government network); or limitations on the back-end email system, among other issues. 

The CIO team quickly evaluated a host of collaboration tools used across corporate America, DOD and the [intelligence community]. We ultimately ruled out many because of security concerns. We settled on Microsoft Teams and implemented the government-sponsored version of Microsoft Office 365. The collaboration capability is helpful in synchronizing our in-office team with our telework team, allowing us to conduct virtual meetings and host town halls with our workforce. We coupled this with a government-sponsored, CAC-enabled capability that allows us to post information and share documents within a government-managed unclassified environment. 

Overall, we were not well postured to have 75 percent of our workforce working from home when this kicked off. Since our culture and operational environment were on the high side, we used the unclassified domain for only a few functions that were mostly administrative in nature, such as contracting and recruiting. As our workforce is slowly beginning to be reconstituted to traditional onsite functions, we are working to scale and maintain a hybrid model where we maintain rigorous connectivity across all domains. 

Within the DIA CIO organization, I’ve set the goal of 33 percent of our team working in a hybrid telework status at any given time, permanently. This pandemic provided our team a wake-up call about how we can operate differently yet still be effective. There is no going backward or returning to the past. As an organization, this crisis that has forced us out of our comfort zone is actually making us stronger.

MORE FROM FEDTECH: Discover how to prepare technology in advance of a virtual meeting.

FEDTECH: What did you learn about your agency’s ability to handle telework that you didn’t know before?

Gumtow: My biggest takeaway from this entire situation is a reminder of how resilient and adaptable people are, and what they are capable of doing. I have been continually impressed by my organization’s ability to adjust to a new working environment, and to find ways to be productive outside of our typical construct. Sometimes a crisis becomes the forcing function to enable you to think outside of the box and to implement smarter, more effective and more efficient ways of tackling challenges.

We’ve been forced to rethink the traditional work model within DIA and are identifying specific functions, down to the task level, that can be performed outside of our classified environment. This is a huge cultural change for us, and I’m excited about how it will open up additional opportunities for the agency in the future. Done the right way, telework offers flexibilities and conveniences for our workforce that just weren’t a part of the equation a few months ago. Work-life balance is improving; the culture of collaboration is improving; shifting our collective mindsets to the art of the possible is improving. Moving forward, telework will always be part of DIA’s equation. We’ve established a robust unclassified space that can be accessed outside traditional settings. I want DIA to be on the leading edge of improving our long-term telework capability.

MORE FROM FEDTECH: How to ensure your VPN can handle work-from-home traffic. 

FEDTECH: How are you ensuring cybersecurity during a massive increase in telework?

Gumtow:  Since Sept. 11, the national security community has been dedicated to securely sharing information to ensure the continued protection of our nation and to galvanize our ability to enable strategic advantage. Information sharing requires the ability to share both unclassified and controlled unclassified information (CUI), often in real time. To that end, the IC and DOD have been prepared to enable such information sharing and processing under conditions such as they are today.

I’ve often said that I cannot live within a zero-risk environment and implement capabilities that are totally secure. Anything done on the unclassified environment, by its nature, is not secure. My goal has been to implement capabilities that provide a level of security that is commensurate with the level of operations and work being conducted. Does that mean it is impenetrable? No, it doesn’t. What it means is that we have and are implementing tools and monitoring activities, and we’re educating our workforce on the risks and how to operate within that environment. This includes knowing what can be shared and what they can do on the unclassified environment. 

When DIA mobilized a large portion of the workforce into a telework environment as a result of COVID-19, we did not have to look far to identify capabilities and tools to enable us to continue our mission. Both the IC and DOD had existing environments that not only enabled sharing of information and real-time collaboration but also offered a level of security commensurate with the level of information that we could use and operate within. DIA immediately took steps to leverage these capabilities.

To ensure the secure use of the telework environment, DIA began to inform the workforce through daily awareness campaigns on the unclassified domain — including information specific to the telework environment, capabilities and security requirements. Daily and weekly reminders are sent to personnel to reinforce awareness of CUI protection requirements and to ensure cybersecurity incidents of any kind are minimized and reported. 

To increase the available capabilities and to enhance long-term telework, DIA is committed to expanding our telework capabilities and services. Working closely with our partners, DIA has been able to quickly deliver a secure environment that has enabled employees to collaborate via chat, email, and audio and videoconferencing, as well as to use other secure environments to build, share and disseminate official documentation. 

The new capabilities we have, and continue to deploy, are allowing DIA to stay laser-focused on our mission during this pandemic and future crises that may arise. This “new normal” has offered DIA an opportunity to learn how to become more flexible and better at managing risk, and it has certainly kept our cybersecurity professionals fully employed.

READ MORE: Learn how to make federal telework a long-term success.