“href =” https://www.law360.com/employment-authority/articles/1390489/# “> Grace Dixon ·
U.S. House Oversight Committee leaders have urged government vigilantes from ten federal agencies to investigate whether their departments are at greater risk of cybersecurity attacks following the pandemic-related change in telecommuting.
After three high-profile cybersecurity attacks suspected of being sponsored by foreign nations, committee chair Carolyn B. Maloney and other Democrats on Wednesday urged 10 inspectors general to examine whether widespread use of virtual private networks and other technologies that allow workers to continue working have remotely aggravated security vulnerabilities.
“The widespread use of [VPNs] and other remote access technologies to facilitate continuity of operations across the federal government allowed federal agencies to continue to serve the nation throughout a deadly pandemic, but also created additional cybersecurity vulnerabilities that could jeopardize integrity of the federal information technology networks, “the letter said.
The committee urged inspectors general to examine the security of remote connections, including VPNs and collaborative platforms such as Slack, Zoom and Microsoft Teams.
He also asked inspectors to examine the agencies ’oversight of remote access users, their distribution of telecommuting hardware and software, and whether they are monitoring networks to identify existing vulnerabilities.
The letter was sent to inspectors from the U.S. Departments of State, Homeland Security, Justice, Energy, Finance, Health and Human Services, Veterans, Education, Defense, and the intelligence community.
The request follows a series of high-profile cyberattacks led by state-sponsored groups in China and Russia.
“The proliferation and growing sophistication of malicious state and non-state cyber actors requires that federal departments and agencies be able to maintain and protect the integrity of their information technology systems,” the committee told inspectors.
Computer software provider SolarWinds Corp. was the vehicle for one cyberattack it was first reported in December, that it violated systems throughout the federal government, including the Department of Homeland Security and the Department of the Treasury. Probably led by Russian intelligence agents, according to US intelligence agencies, the attack hid malware in a routine security update.
Most recently, an attack on Microsoft Exchange e-mail services by state-sponsored actors in China that exposed hundreds of thousands of users was unveiled in March. According to U.S. government agencies, state and local governments were the victims of the attack.
The letter also cited reports from April of an attack that violated several U.S. government agencies, critical infrastructure entities, and private companies through vulnerabilities in Pulse Secure, a widely used VPN. Hackers suspect they have ties to China.
While exacerbated by the pandemic-related work culture change, the danger of telework-related security threats is not a new concern, the committee wrote, citing a 2016 report from the National Institute of Labor. ‘Standards and Technology.
“Major security concerns include lack of physical security controls, use of unsecured networks, connection of infected devices to internal networks, and availability of internal resources to external hosts,” the organization said in a report on security considerations for telecommuting.
The committee urged inspectors to incorporate remote work safety research as part of their annual cybersecurity assessment.
– Additional reports by Ben Kochman. Edited by Nicole Bleier.
To reprint this article, contact firstname.lastname@example.org.