Agencies should ensure their communication systems are ready for another mass shift to telework in case the need comes up again.
If there's anything that businesses have learned as a result of COVID-19 and the ensuing chaos, it's that communications systems need to be resilient enough to handle more than they currently can. Many of these organizations, particularly those in the telecommunications sector, stepped up to the plate and met a vastly increased demand when millions of Americans were forced to work remotely. Several of these lessons learned should be seriously considered by the government sector as candidates for implementation in the future, should such a situation arise again.
Availability vs. Confidentiality
Before any new communications platforms are adopted, organizations must conduct a comprehensive risk assessment to determine what communications need to be secured and at what cost. Cybersecurity and communications are constantly a trade-off between making sure the necessary people have access to information vs. keeping that information secure. A move toward accessibility necessitates a move away from confidentiality, and vice versa. Comms that can be resilient in the face of a mass exodus away from traditional workplaces will still need to be secured, but an organization cannot make that move without conducting the proper risk assessments.
Perhaps one of the most lasting legacies of the COVID-19 pandemic will be a move toward mobile communication platforms. Cell phones and tablets that employees can use to securely reach back to company resources through unsecured Wi-Fi connections are absolutely critical to success moving forward. In the government, this is made more complex by the different requirements for securing classified information, many of which have substantial legal ramifications if mistreated.
This is not to say that sensitive data and communications should have their classifications downgraded or restrictions relaxed. However, it's important to note that in a post-pandemic business world, many businesses will be moving in the general direction of having more mobile communications. Employees have to be able to access sensitive information from home in the event that their physical workplace is shut down again in the future.
Increased Front-end and Back-end Capacity
The early days of the COVID-19 pandemic had many strong resemblances to a distributed denial-of-service cyberattack, when servers on remote collaboration apps, such as Zoom, were inundated with millions of new users. Many companies were not prepared for all of their employees to work from home and discovered that their IT infrastructure was severely lacking. Indeed, the Health and Human Services Department was even hit with a DoS attack in March, likely by a foreign actor to sow discord in the U.S. response to the virus.
While these are two very different situations, the lesson they teach is the same: Services need to be able to rapidly expand their capacity to handle increased traffic in the event of another crisis. While keeping these new servers on all the time will likely be a waste of resources, organizations could consider keeping the extra hardware in a cold or warm configuration, applying patches as required and upgrading software and firmware in order to keep them operational should the need arise.
Cloud services clearly will see increased demand in a post-COVID business climate, as more companies move to services that can provide costly infrastructure, platforms or software for employees to be able to access anywhere. Secure clouds would be a valuable investment for government agencies as well, so employees who could potentially be critical to the government's response to an emergency can access the data they need, when they need it.
Finally, businesses will continue to invest in remote collaboration tools, both in an effort to increase their capabilities as well as get employees used to operating with them in the event that they have to. Too many organizations have had to learn remote collaboration tools on the fly, resulting in lost productivity and efficiency as employees struggle to keep up. As employees moved to the home and struggled to stay in communication with their coworkers, they turned to a number of free conferencing platforms like Zoom. Many organizations, including SpaceX, NASA, and the Defense Department, had to prohibit their employees from using these services because there was no time to conduct risk assessments and address security concerns.
There have also been stories of breaches of etiquette and embarrassing moments captured on video conferencing calls during COVID, but employees who are used to using these tools would be less likely to suffer the same fate in the future. Employees learn best by doing, so leadership must enforce continued use of these tools even once work conditions return to normal. This means employees need to be reminded of keeping private communications private and exchanging sensitive data over more secure methods of communication. Of course, this also means organizations must re-assess their communications structure periodically to review whether the costs, security, and support associated with their different systems are still in line with future needs.
COVID-19 exposed many weaknesses in American business' communications infrastructure, particularly a dependence on on-site networks and a lack of attention paid to securing remote connections. However, trends in the future will likely move in a way to correct these shortfalls, and government agencies should look to corporate peers for ideas on how to correct their own identified issues and shortfalls as well.
Alex White is co-founder and chief technology officer at Glacier and a former National Security Agency engineer.