Adversaries are likely to exploit the widespread movement toward teleworking by government workers and federal contractors during the COVID-19 pandemic, experts warn.
Essye Miller, principal deputy to the Defense Department's chief information officer, said because of the spread of the novel coronavirus, there has been unprecedented demand on the Pentagon's network systems as employees work remotely. And with so many personnel working from home, there are cybersecurity risks.
"With the increased telework capability comes an increased attack surface for our adversary," Miller said during a virtual townhall in March.
To mitigate that vulnerability, the Defense Department has developed a list of best practices for employees to use when working from home. Additionally, it has stood up a COVID-19 telework readiness task force, which meets daily to review and address various technical issues.
"The same practices that you use in an office environment need to convey to wherever you're teleworking from," Miller added.
Gen. David Goldfein, chief of staff of the Air Force, said enemies are already working to exploit the challenges created by the novel coronavirus.
"We are seeing... [adversaries] try to take advantage of this situation," he said during an online event hosted by the Air Force Association in April. While remaining mum on specific details, he noted that the observation is especially true when it comes to information systems.
Peter W. Singer, a strategist and senior fellow at New America, a Washington, D.C.-based think tank, said the Pentagon--along with the rest of the government--faces steep challenges because it waited too long to prepare for the effects of the COVID-19 virus and how that could impact the workforce.
"What was coming was staring us right in the face," he said. "The measures that were... needed were clear and obvious."
However, the Defense Department and other federal agencies waited too long to come up with a tested transition plan for mass scale telework, Singer said.
There were ways agencies could have been more prepared, such as by implementing simple safety measures and running cyber "fire drills" ahead of time, he said.
"Just as you have fire drills for physical [threats], you need to have fire drills for networks," he said. Very few agencies have ever run such an event, but the importance of them cannot be overstated, he added.
"It allows you to understand everything from overall network node [issues]... to people...