Exclusive

New DHS guidance to address long-standing network issues as telework exacerbates the problems

With the sudden surge of federal employees working remotely, the Homeland Security Department will issue interim guidance to relieve some of the challenges of getting on to agency networks.

Multiple sources confirm the Cybersecurity and Infrastructure Security Agency will release a telework-focused temporary Trusted Internet Connections 3.0 directive early next week.

Sources say CISA wants to help relieve the latency of connecting back to agency networks through virtual private networks and to government cloud services, such as Office 365.

The goal, according to multiple sources, is to give agencies more flexibility to keep employees connected to data and applications, while not losing any security rigor.

One source said the interim guidance is trying to make it easier on agencies to adjust their networks while also giving them some top cover.

Additionally, sources say the interim guidance is good for only the rest of the calendar year 2020, and CISA continues to work on TIC implementation guidance that is expected to come later this spring.

The Office of Management and Budget released the final TIC 3.0 guidance in September. CISA built on the policy in December by releasing five draft guidance documents giving agencies more details on how they can implement the new standards.

This new interim guidance is built off of the use case for branch offices or remote workers.

“The branch office use case defines how network and multi-boundary security should be applied when an agency has personnel in more than one physical location,” DHS wrote in the draft document released in December. “This use case helps agencies gain application performance (latency, throughput, jitter, etc.); reduce costs (through reduction of private links); and improve user experience by facilitating branch office connections to agency-sanctioned cloud services, the web and agency internal services.”

The use case describes three security approaches:

  • Direct connection from the branch office to the cloud service;
  • Branch office to the cloud service, utilizing the agency campus as an intermediary traffic forwarding step;
  • Branch office to the cloud service, utilizing a cloud access security broker or other security-as-a-service provider as an intermediary forwarding step.

“The branch office use case is composed of four trust zones: agency campus, agency branch office, cloud service provider and web. Branch office network traffic flows to and from an agency campus, to and from an agency CSP, and to and from the web,” DHS wrote. “A branch office user is able to interact with CSP resources without having to connect directly through the agency.”

Part of the problem with TIC has been the requirement to go back through the agency network, which included software or services meeting the cyber standards, and then back out to the public internet or cloud application. This is part of the reason why TIC requirements have long been a problem for agencies connecting to cloud services or connecting remotely.

And now, some agency networks and virtual private networks are feeling the brunt of a majority of federal employees teleworking.

A Federal News Network online survey of 1,047 federal employees found technology was a common concern, with respondents saying their VPNs or networks can’t handle the load.

“The U.S. Air Force servers cannot handle the load. I’ve not been able to access work emails from home 99% of the time during the past three days. Since I don’t have a government laptop, accessing the work servers via VPN is not possible,” wrote one respondent during the survey timeframe of March 18-23.

Another said, “The network is behaving erratically due to too many people on the VPN.”

Other respondents were more positive, saying their networks and VPNs were working well.

“The FCC leadership has done an outstanding job implementing teleworking and advising its staff regarding the COVID-19 threat. The network is working well under the new virtual desktop stress,” wrote one employee.

Others said their agency had to prepare for the increase in teleworkers.

“Department’s VPN capabilities had to be expanded,” wrote one respondent.

Another said, “Agency has issued guidance to reduce bandwidth consumption through VPN connection.”
