Oversight and Reform Chairs Ask Inspectors General To Review Security Risks of Government Telework Systems
Washington, D.C. (June 2, 2021)— Today, Chairwoman of the Committee on Oversight and Reform Carolyn B. Maloney; Chairman of the Subcommittee on National Security Stephen F. Lynch; Chairman of the Subcommittee on Government Operations Gerald E. Connolly; Chairman of the Subcommittee on Economic and Consumer Policy Raja Krishnamoorthi; Chairman of the Subcommittee on Civil Rights and Civil Liberties Jamie Raskin; and Chairman of the Subcommittee on the Environment Ro Khanna, sent letters to ten Inspectors General recommending they each conduct an assessment of any cyber vulnerabilities created or exacerbated by their respective departments’ and agencies’ use of telework systems during the coronavirus pandemic, and whether those vulnerabilities have been mitigated.
“The widespread use of virtual private networks and other remote-access technologies to facilitate continuity of operations across the federal government allowed federal agencies to continue to serve the nation throughout a deadly pandemic but also created additional cybersecurity vulnerabilities that could jeopardize the integrity of federal information technology networks,” the Chairs wrote.
The National Institute of Standards and Technology warned in 2016 that “major security concerns” associated with telework “include the lack of physical security controls, the use of unsecured networks, the connection of infected devices to internal networks, and the availability of internal resources to external hosts.”
The United States has recently been the target of several high-profile cyber attacks, including through the compromise of the SolarWinds Orion platform and on-premises Microsoft Exchange servers. On April 20, 2021, the Cybersecurity and Infrastructure Security Agency announced that Pulse Connect, a remote-access software used widely by government agencies, had been breached.
“The proliferation and growing sophistication of malicious state and non-state cyber actors requires federal departments and agencies to be able to maintain and protect the integrity of their information technology systems—particularly if they adopt more flexible telework policies after the coronavirus pandemic subsides,” the Chairs wrote.
Click here to read today’s letters.