Following reports of a possible cyberattack late Sunday night, officials at the Department of Health and Human Services (HHS) and at the Department of Defense (DoD) prep Federal networks for an uptick in cyberthreats as employees move to telework to fight the COVID-19 coronavirus outbreak.
HHS Spokesperson Caitlin Oakley confirmed to MeriTalk that the agency became aware of a “significant increase” in activity on the HHS cyber infrastructure but did not say if it constitutes a threat. Agencywide cyber remains “fully functional” as officials investigate the incident.
“HHS has an IT infrastructure with risk-based security controls continuously monitored in order to detect and address cybersecurity threats and vulnerabilities … Early on while preparing and responding to COVID-19, HHS put extra protections in place. We are coordinating with Federal law enforcement and remain vigilant and focused on ensuring the integrity of our IT infrastructure,” she said.
At DoD, officials fear that adapting to telework could leave the network open to vulnerabilities.
“As more and more of you transition to telework, it’s important to be security conscience,” Dan Walsh, acting director of the Pentagon Force Protection Agency, said. “We don’t want to open up opportunities for our adversaries to exploit this situation, so you need to make sure that you follow not only personal hygiene to protect against the coronavirus but also cyber hygiene to protect the department’s mission.”
He added that DoD will be posting security guidance on protecting personally identifiable information and sensitive departmental information as more individuals choose to telework. DoD will also produce a “dos and don’ts” guidance on network security, per Principal Deputy CIO Essye Miller. She said that the CIO’s office is working on throttling certain services like YouTube to reduce pressure on the DoD network, and asked employees to be aware of their network use at home.
“With the increased telework capability comes an increased attack surface for our adversary. They’re already taking advantage of the situation and the environment that we have on hand,” she said.
Miller cautioned against using unapproved services on the DoD network as they could create unnecessary holes in the agency’s security posture.
Sen. Ben Sasse, R-Neb., also commented on the importance of cybersecurity awareness as agencies face new challenges in adapting to coronavirus precautions.
“Cyberattacks are massive weapons to kick opponents when they’re down. At a time when Americans face uncertainty and fear from coronavirus, we should expect an increase in cyberattacks and stay vigilant. There need to be consequences for these kinds of attacks. We can’t take our eye off the ball,” he said.