Lawmakers seek IG probes of telework cybersecurity

A group of six House Democrats heading up the committee and subcommittees for Oversight and Reform are asking nearly a dozen inspectors general to conduct audits of their agencies and departments to assess what vulnerabilities may have arisen from the mass rise in telework during the coronavirus pandemic.

"The widespread use of virtual private networks and other remote-access technologies to facilitate continuity of operations across the federal government allowed federal agencies to continue to serve the nation throughout a deadly pandemic but also created additional cybersecurity vulnerabilities that could jeopardize the integrity of federal information technology networks," the lawmakers wrote in letter sent on Wednesday.

The letters were signed by Reps. Carolyn B. Maloney (D-N.Y.), Stephen F. Lynch (D-Mass.), Gerald Connolly (D-Va.), Raja Krishnamoorthi (D-Ill.) Jamie Raskin (D-Md.) and Ro Khanna (D-Calif.). Maloney is chairwoman of the House Committee on Oversight and Reform. The other signers chair Oversight subcommittees.

The Democrats requested audits by the inspectors general of the departments of State, Defense, Homeland Security, Justice, Energy, Treasury, Health and Human Services, Veteran Affairs and Education, as well as the intelligence community.

"The proliferation and growing sophistication of malicious state and non-state cyber actors requires federal departments and agencies to be able to maintain and protect the integrity of their information technology systems—particularly if they adopt more flexible telework policies after the coronavirus pandemic subsides," the lawmakers wrote.

The request comes during a year where federal and state governments have faced a barrage of cybersecurity threats. Most pertinent to the Democrats' request might be the February intrusion into a Florida-based water facility in which hackers took advantage of the facility's remote work applications and nearly poisoned a towns' water supply.

The audit, the lawmakers wrote, should be included in each agency's annual FISMA evaluation and should examine the use of remote connections or virtual network controllers; platforms such as Microsoft Teams, Zoom and Slack and whether agencies have implemented appropriate security for controlled information.

The inspectors general should also examine agency adherence to Trusted Internet Connection guidance and identity, credential, and access management policies for users accessing networks remotely as well as the distribution and management of virtual and physical items such as laptops.