DOD Warns of Cyber Risks as Employees Work From Home
Defense Department to Issue Detailed Security Guidance
As more of its employees shift to working from home due to the COVID-19 pandemic, the U.S. Department of Defense is warning workers to take security precautions to guard against potential hackers. It plans to release detailed guidance soon.
In a "virtual town hall" broadcast Monday, DOD officials offered security advice to employees who need to access sensitive applications and data over remote networks, stressing the need for good cyber hygiene.
Over the weekend, the Defense Department began making arrangements for some of its employees, both military and civilian, to work remotely as a precaution against the spread of COVID-19. The department employs about 2.8 million people worldwide, with 25,000 working at the Pentagon. CNN reports that as much as 50 percent of the workforce may be asked to work from home.
The town hall was conducted virtually because the Pentagon has moved to Health Protection Condition Bravo. Under HPCON B, the offices and facilities in the National Capital Region, which includes Washington and parts of Maryland and Virginia, will remain open but with restricted access.
DOD will soon issue detailed guidelines to employees on how to protect personally identifiable information and sensitive departmental information, said Dan Walsh, the deputy director of the Pentagon Force Protection Agency.
"We don't want to open up opportunities for our adversaries to exploit this situation, so you need to make sure that you follow not only personal hygiene to protect against the coronavirus but also cyber hygiene to protect the department's mission," Walsh said at the town hall meeting Monday.
Thomas Muir, DOD’s director of Washington Headquarters Services, acknowledged, however, that many employees require secret or top secret access to classified systems, which cannot be made available in a teleworking situation.
Increased risks
Over the last month, numerous cybersecurity firms have warned of increases in attacks by both cybercriminals and nation-state actors looking to take advantage of the work-at-home situation that the COVID-19 crisis has created in all sectors by sending more phishing emails and spreading malware (see: Nation-State Hackers Using COVID-19 Fears to Spread Malware).
And with so many remote endpoints now connected to the DOD’s IT networks, hackers are trying to take advantage, said Essye Miller, the department's deputy CIO.
"With the increased telework capability comes an increased attack surface for our adversaries. They are already taking advantage of the situation and the environment that we have on hand," Miller said at the town hall meeting, without providing specifics.
No More YouTube
DOD employees working at home have been told not to use apps, such as YouTube, that are not "mission-essential" in order to help increase network capacity, Miller said.
"Given the increased telework demand, we've seen a tremendous increase on the network, unprecedented demand just over the last weekend or so. As such, we're taking actions of shutting down YouTube, effective tonight. We will start throttling streaming services today," Miller said at the Monday meeting. She added that employees should only use DOD-approved applications and not attempt to download third-party software for communication and collaboration because these could increase the risk of cyberthreats.