Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs called the COVID-19 pandemic – and the quick switch to telework stemming from efforts to curtail the spread of the virus – one of the “biggest drivers” of IT and cyber modernization in recent times.
At the June 24 Forcepoint Cybersecurity Leadership Virtual Summit, Krebs explained CISA’s dual mission to get its own employees telework ready, while also helping other agencies and private sector firms stay cybersecure in the new environment. Since March, CISA has been able to support 93 percent telework at the agency.
While Krebs commended the transition to telework as generally seamless, he admitted to a few modernization hurdles agencies faced.
“What saw were, unfortunately, things that we knew all along,” Krebs said. For example, virtual private networks had not been maintained and patched throughout the ecosystem over time, despite modernization efforts throughout the Federal government. “They had a path, they had a plan but the plans … were not designed for instantaneous activation,” he explained.
To accommodate the quick shift, CISA released guidance such as the Trusted Internet Connections 3.0 Interim Telework Guidance to show agencies what cybersecurity measures to consider when working more extensively in the telework environment. Krebs continued that there’s still some discomfort with certain tech despite government progress.
“Cloud is really the first technology that the government has not been able to develop and deploy of its own organic capability,” he said as an example. “There’s a lot of uncomfortability with that and there’s still some unknown questions, or answers rather,” Krebs added.
When it comes to preventing cyberattacks, Krebs said partnerships with international peers have been a part of CISA’s efforts. He said that the common theme of criminal phishing attacks and scams lately has been COVID-19, but despite the international community’s efforts to disrupt these operations, the public should stay hyperaware of fraud during this time.
“People need to keep in mind they’re [cyberattacks] going to keep getting served up because they’re getting the clicks,” Krebs said.