With the sudden surge of federal employees working remotely, the Homeland Security Department will issue interim guidance to relieve some of the challenges of getting onto agency networks.
Multiple sources confirm the Cybersecurity and Infrastructure Security Agency will release a telework-focused temporary Trusted Internet Connections 3.0 directive early next week.
Sources say CISA wants to help relieve the latency of connecting back to agency networks through virtual private networks and to government cloud services, such as Office 365.
The goal, according to multiple sources, is to give agencies more flexibility to keep employees connected to data and applications, while not losing any security rigor.
One source said the interim guidance is trying to make it easier on agencies to adjust their networks while also giving them some top cover.
Additionally, sources say the interim guidance is good for only the rest of the calendar year 2020, and CISA continues to work on TIC implementation guidance that is expected to come later this spring.
The Office of Management and Budget released the final TIC 3.0 guidance in September. CISA built on the policy in December by releasing five draft guidance documents giving agencies more details on how they can implement the new standards.
This new interim guidance is built off of the use case for branch offices or remote workers.
“The branch office use case defines how network and multi-boundary security should be applied when an agency has personnel in more than one physical location,” DHS wrote in the draft document released in December. “This use case helps agencies gain application performance (latency, throughput, jitter, etc.); reduce costs (through reduction of private links); and improve user experience by facilitating branch office connections to agency-sanctioned cloud services, the web and agency internal services.”
The use case describes three security approaches:
“The branch office use case is composed of four trust zones: agency campus, agency branch office, cloud service provider and web. Branch office network traffic flows to and from an agency campus, to and from an agency CSP, and to and from the web,” DHS wrote. “A branch office user is able to interact with CSP resources without having to connect directly through the agency.”
Part of the problem with TIC has been the requirement to go back through the agency network, which included software or services meeting the cyber standards, and then back out to the public internet or cloud application. This is part of the reason why TIC requirements have long been a problem for agencies connecting to cloud services or remotely.
And now, some agency networks and virtual private networks are feeling the brunt of a majority of federal employees teleworking.
“The U.S. Air Force servers cannot handle the load. I’ve not been able to access work emails from home 99% of the time during the past three days. Since I don’t have a government laptop, accessing the work servers via VPN is not possible,” wrote one respondent during the survey timeframe of March 18-23.
Another said, “The network is behaving erratically due to too many people on the VPN.”
Other respondents were more positive, saying their networks and VPNs were working well.
“The FCC leadership has done an outstanding job implementing teleworking and advising its staff regarding the COVID-19 threat. The network is working well under the new virtual desktop stress,” wrote one employee.
Others said their agency had to prepare for the increase in teleworkers.
“Department’s VPN capabilities had to be expanded,” wrote one respondent.
Another said, “Agency has issued guidance to reduce bandwidth consumption through VPN connection.”