DHS expands zero trust without adding end user challenges

The Department of Homeland Security expects around 70,000-80,000 employees work remotely any given day of the week. That fluctuates based on training, schedules and leave, while frontline workers have always been on site through the pandemic.

Some technologies only work in a physical office but with cloud technologies and the security tools put in place, DHS has maximized the technological capability of teleworkers and field workers in organizations such as FEMA, Border patrol and the Coast Guard.

“We try to give the greatest capability possible to folks who are teleworking. I think, initially there were some limitations with the things like printing. Printing was one of the ones that everybody had to get accustomed to a different model and a different approach,” said Elizabeth Cappello, deputy chief information officer at DHS, on Federal Monthly Insights — Secure Tools for a Telework Future. “But I do think for the most part, we have done a really outstanding job of making all of the collaboration and back-office capabilities available to everyone who’s teleworking.”

Cappello has repeatedly credited a heavy snowstorm several years before the pandemic with teaching DHS to invest in remote network capability. It also prompted a transition to Microsoft Office 365 cloud software, as well as a cultural shift in the mindset around telework.

“When you have a large law enforcement component, or as you mentioned a large field component, it’s difficult to make that mental shift to not being in the office, to not being with your colleagues, and to using the technology in a far different way than you maybe had ever done previously,” she said on Federal Drive with Tom Temin.

With people working from home for months on end, day-to-day workflows were adjusted. Printing to PDF became the go-to solution for many, but furthermore the teleworked boom likely pushed DHS to use less paper overall, Cappello said. She speculated people have grown more comfortable with working electronically and using collaboration tools, such as video calling.

“We found that with some of the older laptops that folks had, we had to provide better cameras so that they could actually be on video calls. In some cases, additional keyboards, and whereas if you were only working from home one or two days a week, you might have been comfortable just working on your laptop without an additional keyboard or an additional mouse or some of those ergonomic add-ons. We found that that was not the case after a couple of months of working at home; folks really needed to establish maybe a little more permanence in their workspace,” she said.

The permanence of this widespread telework has implications for virtual private network capacity. DHS started a working group to investigate zero trust technologies before the pandemic started. The group looked for alternatives to support the end user, support the workforce and ensure that they were not introducing additional cyber vulnerabilities, Cappello said, declining to go into specifics on those zero trust technologies.

“We’ve reduced the number of network hops, which translates into better performance with enhanced security. But if you think about zero trust, it’s not a perimeter defense model, right? It’s literally you’re not trusting the resource,” she said. “So you’re doing trust on a continuous basis. So while it improves the access to resources, it also enhances the security posture around those resources.”

The agency has a methodology for people to work in a zero trust environment or without a VPN. Cappello said DHS implemented zero trust in conjunction with the standard HSPD-12 PIV card, and in her opinion they have not added challenges to the end user. Although she acknowledged the initial transition may have come with hiccups.

As for “composable enterprise,” meaning a kind of a dispatch to which one can add capabilities to better accommodate scattered users, “much of that’s going to be driven by the specific component needs, and what flexibilities make most sense for them in meeting their mission,” Cappello said. “A FEMA mission, obviously, is going to be very, very different from what, say, the U.S. Border Patrol is doing within Customs and Border Protection. So I think that, as we examine at DHS headquarters, within the CIO’s office, how we provide guidance to the components, we’re going to have to remain flexible and agile and respectful of their particular mission sets.”

The management lines of business — the chief financial officer, the chief human capital officer, acquisition and Cappello’s team in the CIO office — have to work together to respond dynamically as federal offices turn more hybrid in-person and telework.

“We’ve learned a lot of things in the last two years at a very, very accelerated pace. I don’t think we’ve actually had time to breathe and really spend some time thinking about what the future is going to look like,” she said. “But we do know we’re going to have to remain agile, we’re going to have to remain flexible, and we have to remain resilient.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories

    TSA Administrator David Pekoske

    Federal employee union presses DHS to follow through on expanding collective bargaining for TSOs

    Read more