Why agencies need to enable remote operations and do it securely

Despite shrinking budgets, federal government agencies plan to increase cybersecurity spending for the foreseeable future.

According to The Wall Street Journal, corporate and government cybersecurity budgets will grow by 9% from 2021 to 2024, reflecting the immense cost and consequences of a cybersecurity incident.

Data breaches have never been more expensive. According to IBM’s most recent Cost of a Data Breach report, the average total cost of a data breach approaches $4 million. At the same time, bad actors are compromising critical services, including pandemic response efforts, by exploiting vulnerabilities with frightening ease.

Unfortunately, these risks are exacerbated by the new hybrid workforce required to keep government services functioning during the pandemic. What’s more, many government agencies rely on computer systems that are involved in operational technology (OT), meaning operational continuity for critical services and public safety is at risk. Critical infrastructure is especially vulnerable when a hybrid workforce, including on-site, remote, and distributed teams, is involved.

Since remote operations will be a workplace standard moving forward, government agencies need to adapt their protocols and technologies to meet the moment.

Addressing remote work vulnerabilities

Remote work comes with incredible upsides. Federal agencies can more easily retain top talent, adapt to shifting circumstances and even boost productivity. However, it also comes with inextricable cybersecurity risks that threaten to undermine these benefits.

For instance, remote workers are more likely to accidentally compromise company data or be lured in by fraudulent activity than their on-site counterparts.

However, when government workers access OT, these risks are amplified. Notably, many agencies are finding that they lack the infrastructure to safely, securely and efficiently support remote operations.

These requirements include:

  • A human-machine interface (HMI) computer system managing a solar array on top of a Department of Veteran Affairs VA hospital.
  • A hydro dam utilizing legacy systems operated by the Bureau of Reclamation.
  • A naval ship requiring remote access to a critical system because of COVID-19 restrictions.
  • A federal agency providing reliable power generation in the wake of a natural disaster.

Of course, the past year serves as a perpetual reminder that disruptions can occur at any time, making remote operations capacity a veritable requirement for providing continuity of care to constituents.

To support these initiatives, the Cybersecurity and Infrastructure Security Agency is developing a Trusted Internet Connections policy, and The Department of Defense is investing $300 million to upgrade its OT.

These remedies won’t solve most agencies’ problems. Instead, they need to pursue ready solutions accommodating a hybrid workforce.

Solutions that work

During these uniquely challenging times, maintaining operational continuity without compromise is more critical than ever. These solutions can help governments meet the moment.

1. Prepare employees to be cyber-secure

In some ways, this transitional time is an opportunity to bolster cybersecurity initiatives at the federal level.

For example, regular phishing scam awareness training coupled with exercise scenarios for ongoing practice is a low-cost solution to a chronic problem. These malicious messages are behind the significant uptick in ransomware attacks and data heists that plague government teams at every level, meaning it was a problem that needed to be solved.

Enabling a hybrid workforce can serve as the impetus to improve cybersecurity training across the board, preparing employees to be potent defenders of your digital environment.

2. Implement the right technology

Remote operations capacity for OT requires the very best cybersecurity standards. While VPNs and other point solutions provide some level of protection, they must be integrated, which is complex, expensive and still might not provide adequate OT system protection from bad actors.

Instead, agencies should look to a “zero trust” model that combines multi-factor authentication, granular system or application authorization and full user access logging and recording, allowing agencies to maintain control of infrastructure system access, data movement, and on-site operations.

New technologies that allow users to authenticate from any standard browser make secure access a simple, easy process for remote and on-site workers alike.

3. Adapt to the latest threats

Long-term cybersecurity priorities require forward vision, as agencies must vigilantly monitor the latest trends and adjust their practices accordingly.

These changes can feel abrupt in a rapidly shifting environment, but a robust defensive posture relies on continually staying ahead of the threat.

Leaders should ask:

  • How do I enable remote operations to critical systems while mitigating risks?
  • What technologies make it safer for my employees and the general public?
  • How can I integrate new technologies without interrupting critical operations?

Governments have a significant responsibility to serve their constituents, especially during challenging times. Whether they are ensuring reliable power during a natural disaster or fostering medical research to defeat a pandemic, operational disruptions cannot occur.

Remote operations capacity is an obvious solution, equipping today’s government workers to communicate, collaborate, and effectively build infrastructure from anywhere at any time.

These opportunities are predicated on excellent cybersecurity strategies, making now the perfect time to get this priority right.

Bill Moore is the CEO and founder, XONA, providers of “zero trust” user access platform especially tailored for remote operational technology (OT) sites. Moore brings more than 20 years’ experience in security and the high-tech industry, including positions in sales, marketing, engineering and operations.

Comments

Sign up for breaking news alerts