The coronavirus pandemic multiplied the need for agency-wide telework capabilities, which also means more security concerns.
Venice Goodwine, chief information security officer for the Agriculture Department, said her agency took a phased approach with capacity tests across different mission areas. She said USDA needed to gauge what the workload would be for the network and VPN connections, and from there it eased into the enhanced telework posture it has currently adopted.
She said part of the trial was also to make sure teleworkers could use the right equipment at home and that HR was prepared. Keeping public-private partnerships with telecom companies, so that rural employees could have home internet access, was key as well.
“We have WiFi devices as well,” Goodwine said on Federal Drive with Tom Temin. “Like I said, it wasn’t a huge problem, but it was definitely something when you talk about preparation. We all assume that every home in America is internet-connected.”
For the devices employees can and must bring home, she said USDA does not have a full “BYOD” policy but that employees could connect to the old Microsoft 365 portal and authenticate with a personal identity verification (PIV) card for email, for example. But employees used to working with double or extra-large monitors cannot exactly take those home.
“And so part of that is making sure we had all the property agreements and property passes in place as well for individuals so that we can make sure that they have the ability to be as productive as possible,” she said.
A drawback of the 365 portal is that the environment is a sandbox, so printing, and even copying and pasting, is not viable. That’s why, Goodwine said, they strongly pushed collaboration tools such as Microsoft Teams. That has also helped them preserve the VPN bandwidth for more enterprise applications. USDA ran an information campaign and produced an educational document for employees to explain this aim, which she said proved helpful. So far, the VPN capacity has held up.
“I’m speaking to you right now from my home office with my government-furnished equipment right in front of me, and I connect to the VPN and I get to hold meetings, virtual meetings throughout today and collaborate,” she said.
But teleworking has impacted Goodwine’s own cybersecurity work.
“So the other thing about cyber security challenges besides the increase in phishing attempts, is my perimeter is moved now which means my data has moved,” she said. “So now that my user base is working at home … my data now is definitely being accessed from there. And so the notion of using tools like network access control – we use Cisco [Identity Services Engine] for that – it becomes very important when you think about the type of threats. Because the threat actors know that the federal government is teleworking.”
Her Security Operations Center operates 24/7, 365 days a year, and using a Microsoft cloud access service allows them to see what’s happening with a system’s IP address in cloud services.
“And so those types of investments have really proven to be beneficial for us as a department,” she said.