Tech

DOD networks, under ‘unprecedented’ strain, are more vulnerable to attacks, official says

"With the increase in telework capability comes an increase in attack surface for our adversaries,” says Essye Miller of the CIO's office. "They are already taking advantage of the situation."

By Jackson Barnett

March 16, 2020

Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

As more non-“mission-critical” civilian, military and contractor employees login remotely to do their Department of Defense jobs, U.S. adversaries are ramping up attacks, an IT official said during a virtual town hall event Monday.

The DOD’s network is under “unprecedented” demand as the federal government goes to maximum telework capacity, Essye Miller, principal deputy to the DOD’s CIO, said during the event. Much of that strain is coming from remote workers streaming music and videos, prompting the department to suspend access to YouTube and encouraging everyone to avoid streaming music.

“With the increase in telework capability comes an increase in attack surface for our adversaries,” Miller said. “They are already taking advantage of the situation.”

The DOD and military services either declined to comment or did not respond to questions about how many nonessential DOD employees are teleworking.

The CIO’s office has three tiers of need for teleworkers: those who need access just to their DOD emails; those that need access to their files; and those that need full “office-like experience” to carry on their job. Currently, the CIO’s office is working with IT managers across the department to triage network access, Miller said. Many officials whose work is related to classified information or national security cannot telework.

“The Pentagon today seems a little more empty than usual, that is because we are stress-testing teleworking arrangements,” Lisa Hershman, DOD’s chief management officer, said at the virtual event.

The CIO’s office is working to create a “dos and don’ts” list and will offer remote workers a list of best practices to limit the vulnerabilities created from remote access. The Cybersecurity and Infrastructure Security Agency (CISA) put out an alert Friday reminding those who will use virtual private networks (VPNs) to patch and stay updated on security breaches.

Miller asked those who are working remotely not to “resort to more creative means” of chatting online with colleagues. The Defense Information Systems Agency (DISA) is working to create a DOD-approve chat platform, she said. Using non-DOD approved chatrooms “will ultimately create holes and establish unnecessary security postures for us,” Miller said.

The fallout from the novel coronavirus pandemic is unprecedented for the DOD, which has faced sequestration and furlough before. But for those past events, workers had to stop their work instead of working from home.

Daniel Walsh, acting director of the Pentagon Force Protection Agency, asked all to “follow personal hygiene against the coronavirus, but also cyber-hygiene.”