Congress

Lawmakers seek IG probes of telework cybersecurity

web conference (fizkes/Shutterstock.com) 

A group of six House Democrats heading up the committee and subcommittees for Oversight and Reform are asking nearly a dozen inspectors general to conduct audits of their agencies and departments to assess what vulnerabilities may have arisen from the mass rise in telework during the coronavirus pandemic.

"The widespread use of virtual private networks and other remote-access technologies to facilitate continuity of operations across the federal government allowed federal agencies to continue to serve the nation throughout a deadly pandemic but also created additional cybersecurity vulnerabilities that could jeopardize the integrity of federal information technology networks," the lawmakers wrote in letter sent on Wednesday.

The letters were signed by Reps. Carolyn B. Maloney (D-N.Y.), Stephen F. Lynch (D-Mass.), Gerald Connolly (D-Va.), Raja Krishnamoorthi (D-Ill.) Jamie Raskin (D-Md.) and Ro Khanna (D-Calif.). Maloney is chairwoman of the House Committee on Oversight and Reform. The other signers chair Oversight subcommittees.

The Democrats requested audits by the inspectors general of the departments of State, Defense, Homeland Security, Justice, Energy, Treasury, Health and Human Services, Veteran Affairs and Education, as well as the intelligence community.

"The proliferation and growing sophistication of malicious state and non-state cyber actors requires federal departments and agencies to be able to maintain and protect the integrity of their information technology systems—particularly if they adopt more flexible telework policies after the coronavirus pandemic subsides," the lawmakers wrote.

The request comes during a year where federal and state governments have faced a barrage of cybersecurity threats. Most pertinent to the Democrats' request might be the February intrusion into a Florida-based water facility in which hackers took advantage of the facility's remote work applications and nearly poisoned a towns' water supply.

The audit, the lawmakers wrote, should be included in each agency's annual FISMA evaluation and should examine the use of remote connections or virtual network controllers; platforms such as Microsoft Teams, Zoom and Slack and whether agencies have implemented appropriate security for controlled information.

The inspectors general should also examine agency adherence to Trusted Internet Connection guidance and identity, credential, and access management policies for users accessing networks remotely as well as the distribution and management of virtual and physical items such as laptops.

About the Author

Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.


Featured

  • Comment
    customer experience (garagestock/Shutterstock.com)

    Leveraging the TMF to improve customer experience

    Focusing on customer experience as part of the Technology Modernization Fund investment strategy will enable agencies to improve service and build trust in government.

  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

Stay Connected