How Telework Made These Federal Agencies More Secure

Many federal agencies scrambled to adjust their cybersecurity strategies while shifting to remote work in March at the beginning of the coronavirus pandemic. But some federal agencies, like the Defense Logistics Agency (DLA) and Defense Contract Audit Agency, found telework helped them improve their cybersecurity posture.
Linus Baker, cybersecurity director for the DLA, said the agency reduced its cyber attack surface by half since the beginning of the pandemic.
“From a cybersecurity perspective, I want to stress our virtual desktop infrastructure,” he said. “More than half of our users are on user-managed devices. Those are never seated on our network, they’re not endpoints that provide an attack vector for an adversary, so by that perspective, we’ve lessened our attack surface by more than half. We gained a benefit there, and an efficiency perspective in executing the agency’s mission.”
Baker said DLA already had a reliable telework strategy in place before the pandemic, which streamlined the mass shift in March.
“Most of the challenges we’ve faced have been mostly administrative, with users who unfortunately weren’t or aren’t able to telework,” he said at a FedInsider webinar last week. “We had some issues with user accounts because of the timeframe for logging in. But significant challenges? I would say no because we were poised for this given our large telework presence. In many ways DLA was ahead of the game.”
Anita Bales, director of the DCAA, said the agency was also “well positioned” for the shift to 100% telework because 30% of the agency’s employees already teleworked before the pandemic.
DCAA initially struggled to ensure its remote employees had enough bandwidth, but DOD helped sort that out relatively quickly, Bales said.
The DCAA also didn’t face any major cybersecurity challenges when shifting to telework, largely because it was already familiar with typical telework challenges like ensuring VPN security.
“With our VPNs, we made sure before we went into all of this we had all our security patches up to date and deployed a new patch right when we were going out,” she said during the webinar. “We would shut one [VPN] down and operate off of the other until we had all the patches in place.”
Telework strategies aside, Bales said employees’ good cyber hygiene is fundamental to any organization’s cybersecurity strategy, especially while working remotely.
“Make sure you’re not opening emails you’re not familiar with,” she said. “Remember you are a DOD employee using your government computer — make sure you don’t use anything outside of our VPNs. Bad actors know we’re in a virtual environment, and they’re going to try to take advantage of that.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
NSF Wants Industry Driving Quantum Innovation
The agency is pushing for partnerships to enhance the research community as Congress weighs additional legislation.
3m read -
White House Science Chief: US-Driven AI Sets Global Standards
Michael Kratsios outlined how American AI technology on the global stage will help standardize the tech and counter China’s influence.
5m read -
Modernizing Critical Infrastructure in the Face of Global Threats
Officials are expanding the latest strategies in boosting defense infrastructure, including securing satellite communications, upgrading enterprise-wide technology, optimizing data management.
20m watch -
Trump AI Orders Call for Speed in Building Infrastructure
The directives call for expanding AI infrastructure, streamlining federal permitting and promoting AI exports.
4m read -
DOD Accelerates Software Modernization with Agile DevSecOps Push
The Pentagon's software implementation plan tackles cultural hurdles and integrates security early to deliver critical capabilities faster.
6m read -
White House Unveils AI Action Plan to Secure Global Dominance
The strategy outlines steps to accelerate private sector innovation, build critical infrastructure and advance U.S. leadership in AI policy and security.
3m read -
VA's Platform One Powers Rapid Innovation to Bolster Digital Services
VA's Platform One accelerates software development timelines from weeks to hours, ultimately enhancing digital services for veterans.
5m read -
Federal Leaders Receive Federal IT Efficiency Flywheel Awards from GovCIO Media & Research
Five federal IT leaders received Flywheel Awards for driving innovation and modernizing technology at the Federal IT Efficiency Summit.
5m read -
Doing More with Less is Muscle Memory for IRS, Former Deputy CIO Says
Darnita Trower discusses her experience, the legacy she’s left behind and how she pushed the IRS to modernize itself,
20m watch -
Opinion: Original Intelligence Is the Missing Piece for AI Transformation
Limitations of AI agents and development drive growing needs for workforce development and "original intelligence."
3m read -
VA CIO Targets Modern IT and Smarter Workforce Alignment
Agency leaders told lawmakers they are focused on trimming legacy systems and restructuring its workforce to streamline operations.
3m read -
Pentagon's $200M AI Contracts Signal Broader Effort to Transform Talent
The Army is leveraging Silicon Valley, reservist programs and new hiring strategies to integrate critical digital skills in its ranks.
5m read