House Oversight and Reform Committee Chair Carolyn Maloney, DN.Y., and several chairpersons of key panel subcommittees today called on inspectors general (IG) from ten federal agencies to assess created or worsened cybersecurity vulnerabilities for the use of telework systems. during the coronavirus pandemic and if any of these vulnerabilities have been violated.
These requests were published in letters dated today to the GIs for the intelligence community and the departments of State, Defense, Homeland Security, Justice, Energy, Finance, Health and Human Services, Veterans and Education.
“The widespread use of virtual private networks and other remote access technologies to facilitate continuity of operations across the federal government allowed federal agencies to continue to serve the nation during a deadly pandemic, but it also created cybersecurity vulnerabilities. additional information that could jeopardize the integrity of federal information technology networks, “House Democrats said.
House members cited the recent wave of high-profile cyberattacks against government networks and said, “The proliferation and growing sophistication of malicious state and non-state cyber actors requires that federal departments and agencies be able to maintain and protect the integrity of their information technology systems, especially if they adopt more flexible telework policies after the declining coronavirus pandemic.
They also told the GIs that the Federal Information Security Modernization Act (FISMA) requires GIs to conduct annual evaluations of their agencies ’cybersecurity policies and practices and encouraged them to conduct the requested evaluations on this base.
In particular, members of the House asked the GIs to analyze the security of remote connections provided by VPNs and virtual network controllers, the deployment by agencies of various collaboration platforms and whether agencies “ they have implemented security controls to prevent the unauthorized dissemination of controlled unclassified information, personally identifiable information or sensitive but unclassified information through third-party collaboration platforms. “
They also asked the GIs to analyze: identity, credential, and access management systems; distribution and management of physical assets used for telecommuting, including laptops and smartphones; adherence to Trusted Internet Connections 3.0 guidelines; how and if the agencies implemented additional security policies in response to the pandemic-driven telework; and whether agencies have implemented continuous monitoring and scanning of networks to identify vulnerabilities.