Army rolls back short-lived IoT telework policy

The Army is "restaffing" the policy, which would have required teleworkers to turn off or remove smart devices, such as Amazon Echo speakers, from their remote workspaces.

Army medallion. Patrish Jackson. Shutterstock ID: 1570671799
 

The Army has rescinded its policy restricting internet of things devices, such as smart TVs and smart watches, from telework spaces to prevent data leaks.

The Army announced the policy, which targeted internet-connected devices, was intended to "mitigate data leakage of official government information" and outline conditions so that Army personnel can "protect and safeguard DOD information" and systems, in a now deleted Twitter post linking to a memo dated May 25.

Jason Waggoner, an Army spokesperson, told FCW via email the "memo was removed" and "the policy is not in effect and additional staffing actions are required."

The short-lived policy comes as lawmakers push for increased cybersecurity on government networks and systems amid large-scale intrusions, such as those on SolarWinds and Microsoft Exchange servers. Leaders from the House Committee on Oversight and Reform have requested the Defense Department's inspector general (and other watchdogs across government) conduct a cyber vulnerabilities assessment with a specific focus on whether "use of remote-access software to facilitate telework during the coronavirus pandemic, and whether an such vulnerabilities were effectively mitigated," according to a June 2 letter signed by Chair Carolyn Maloney, and subcommittee chairs Reps. Stephen Lynch (D-Mass.), Gerald Connolly (D-Va.), Raja Krishnamoorthi (D-Ill.), Jamie Raskin (D-Md.), and Ro Khanna (D-Calif.).

The letter comes as maximum telework policies put in place to respond to the COVID-19 pandemic morph into an enduring norm for government workers even as local restrictions are lifted amid increased vaccine rates and fewer deadly infections.

The assessment, which would be part of the annual requirement per the Federal Information Security Modernization Act of 2014, would also take a look at virtual private networks, the security of collaboration capabilities such as Cisco Webex, Slack, Zoom, and Microsoft Teams.

The Defense Department is currently rolling out a permanent version of the Commercial Virtual Remote environment -- the organization's own version of Microsoft Teams installed at the start of the pandemic in 2020.

It's not clear if the Army is planning to revise the crackdown on smart devices in telework spaces. The issue is likely to reemerge if the military services continue to offer large-scale telework even after pandemic restrictions are lifted.