Homeland Security Watch

News and analysis of critical issues in homeland security

September 22, 2009

Cover Your Cough With the Internet (Or Phone)

Filed under: Events — by Jessica Herrera-Flanigan on September 22, 2009

Federal News Radio continued its reporting yesterday regarding the Department of Homeland Security mandate for a department-wide telework and COOP review this week. The article quotes Elaine Duke, the Undersecretary for Management, saying:

We have some specific concerns about the potential of H1N1 to make its next surge in the United States, potentially next month, and this fall. One of the things we want to be ready for is potential absenteeism among our federal workforce. And with the telework week, we are asking that each employee who is on a telework agreement, who is on a telework agreement as part of our continuity of operations planning, or COOP planning, to telework, to test it, to make sure they have the right connectivity, the right equipment, to make sure they can work from home.

Teleworking to counter a pandemic is not a new idea. Indeed, the National Strategy for Pandemic Influenza Implementation Plan discusses how teleworking can help slow the spread of pandemic influenza through social distancing (i.e. coughing over the Internet or phone instead of face to face).  As telework.gov notes, the key to successfully using teleworking to fight off H1N1 (or any pandemic) requires a systematic approach to teleworking with roles and responsibilities understood by all.   DHS’s announcement this week is especially welcome as it is testing its agencies systems in a moment of calm instead of a time of crisis.

That said, as DHS and other agencies look to teleworking this fall, they should not only be testing for access and connectivity, but for security.  While security training and configuration have been key parts of the government’s telework program, it is imperative that they are stressed to the potential newbies who will be signing up to avoid the H1N1 spread. There is a level of trust when teleworking becomes the norm. That trust, with regards to security, requires extensive training and understanding of the “dos and don’ts” of being online.  The more people who sign up to work from home, the more risks of security breaches, whether from unencrypted data being stolen remotely off a compromised system or a laptop disappearing from the backseat of a car.

NIST has recognized the need for telework security. This past June it revised its guidance in the area in Guide to Enterprise Telework and Remote Access Security, Revision 1.  NIST noted in the Executive Summary:

The nature of telework and remote access technologies—permitting access to protected resources from external networks and often external hosts as well—generally places them at higher risk than similar technologies only accessed from inside the organization, as well as increasing the risk to the internal resources made available to teleworkers through remote access.

In its findings, NIST made the following recommendations to agencies on steps to take to ensure that employees and contractors have improved security for teleworking and remote access:

  • Plan telework security policies and controls based on the assumption that external environments contain hostile threats
  • Develop a telework security policy that defines telework and remote access requirements.
  • Ensure that remote access servers are secured effectively and are configured to enforce telework security policies.
  • Secure telework client devices against common threats and maintain their security regularly.

Given today’s increased cyber threat, these steps, while seemingly common sense, are critical, especially if we see an influx of new teleworkers.

Another issue to consider is whether the bandwidth for increased teleworking, especially in the DC area, is available.  The tests run by DHS this week are good but will not go to demonstrate whether bandwidth needs can be met if a significant number of government employees are working from home in the event of a pandemic.  On September 4, the FCC put out a notice on this issue, asking what kind of bandwidth and speed will be needed to support teleworking.  The notice also asked what is needed to support government workers at home in a time of emergency.  The FCC will use the comments and its findings as part of its National Broadband Plan, due to Congress on February 17, 2010.  Obviously, that plan will not be out before this fall’s potential H1N1 outbreak, though the telecommunications carriers have been preparing for this issue nonetheless.

While this post has focused on government’s systems,  the same issues are relevant to the private sector.  Like the government, the private sector has seen an increased reliance on teleworking to counter pandemic incidents.  Jeff Goldman wrote an interesting piece on this phenomenon on Wi-Fi Planet back in May entitled Pandemic Preparedness: Teleworking Best Practices, which details the steps to take for implementing teleworking.  Interestingly, one of the potential issues he points out is the need for enabling broadband access in remote locations.  Broadband and net neutrality issues, especially in a time of crisis, could fill a separate post but are especially worth noting given at Brookings yesterday by FCC Chairman Julius Genachowski on the topic.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn


Comment by William R. Cumming

September 22, 2009 @ 9:24 am

Teleworking like all dispersal strategies is a basic preparedness and COOP (Continutiy of Ops) planning doctrine. The most recent test of COOP was a lengthy IRS outage when the 1111 Constitution bldg. basement flooded knocking out not just power but sensitive computer systems housed in the basement. In 1936 the Ellipse flooded to the depth of 7-9 feet for the flood of record on the DC portion of the Potomac. FEMA continues to blink over correct flood maps and their enforcement for the DC area. Note that the statutory mapping for the NFIP is the “best scientific and technical information” available not the wishes of a corrupt DC government and its developer/contributors. The high water mark is reflected on the old toll houses on the C&O canal still located at 14th & Constitution and near the Viet Nam memorial. President Obama is thinking of rewriting Executive Order 11988 “Flood Plain Management” and this should be revised as soon as possible. The leading unwise developer of the nation’s flood plains directly and indirectly is guess who–you guessed correctly–Uncle Sugar.

Comment by christopher tingus

September 23, 2009 @ 11:27 pm

I really hoped Coca Cola’s top management had adopted my plan well over a year ago stongly advising that a hospital quality face mask with a small Coca Cola logo imprinted on the right side would not only be terrific for sales of 12 packs with one face mask included, but it would be utilizing Coca Cola’s extensive global distribution to far reaches to enable many people who otherwise would not have access…The idea of the face mask and the one minute informercials by Coke’s senior managers during the height of the season is to promote more enlightenment of the virus as well as reafirming washing hands, coughing into the mask and elbow, etc.

It would be terrific to see Coca Cola portray some real entrepreneurial zest as well as a portrayal of genuine concern and compassion for its loyal global customer base – if Coca Cola doesn’t offer the face masks in every 12 pack…maybe Pepsi can raise its global market share….while also addressing corporate’s commitment to community….

Christopher Tingus
CEO & Managing Director
GlobalH2OSolutions, Ltd.

Comment by Charlie Bastura

August 6, 2010 @ 1:21 am

Just wanted to say thanks for this. One thing is for certain, though, while it is sometimes difficult to distinguish between certain styles of music, nobody would ever confuse a disco song with anything else.

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>