A Test and Trace Strategy for Reconnecting to Government Networks


Agencies shifted to large-scale work from home operations but little thought has been given to how to secure these networks when workers return to the office. 

It is no secret that the COVID-19 pandemic has been a bonanza for cybercriminals. As millions of government workers shifted to remote work almost overnight, federal IT managers were suddenly charged with securing a vastly expanded network perimeter while fending off increasingly aggressive and innovative bad actors. 

For the first time ever, access to sensitive data and applications was almost exclusively driven by external users rather than on-premise demand. Securing this new edge-centric world has been especially challenging as the number of cyberthreats has risen and bad actors take advantage of fears of the pandemic to launch phishing campaigns and spread malware. 

Despite these threats, federal agencies have largely managed. But today, over three months after agencies shifted to large-scale work from home operations, scant thought has been given to how to secure these networks when workers return to the office. 

Contrast this with the steps agencies are planning to prevent the spread of COVID-19 upon reopening: temperature checks and symptom monitoring, employee COVID-19 testing, and frequent sanitization of common spaces. Many large agencies are also planning to implement staggered telework schedules, rotating employees in and out of the office weekly to enable social distancing.

But just as agencies want to ensure that they are not unwittingly providing a vector for a resurgence of COVID-19, federal IT managers must also consider the challenge of securing thousands of devices that have spent time outside the main network and its suite of security tools and take steps to ensure that they do not unwittingly provide opportunities for cyberthreats to spread throughout federal networks.

A potential disaster looms—and securing these networks will not be a one-time event that IT managers can focus on intensely for a moment in time and then forget about. Instead, as telework and rotating telework arrangements remain prevalent for some time, devices that are found to be malware-free upon returning to the office risk being infected (or re-infected) when they return home, and once again risk bringing malware back into the network.

What IT managers need to combat this threat is a test and trace strategy for cyberthreats—a long-term solution that provides constant visibility into the condition of the network by automatically monitoring the network for signs of malware (“testing”), and that automates identification, containment, isolation and mitigation of infected devices before data can be exfiltrated or malware can be uploaded or widely spread across the network (“tracing”). 

Testing and tracing for COVID-19 is difficult when you have to contact and keep track of thousands of people who may have been infected, as well as everyone they’ve been in touch with. But with networks, it can be made much simpler with automated and secure Domain Name System (DNS) that keeps a record of when and where a device has (virtually) traveled.

As a core network service, DNS is essentially the phonebook of the internet—it takes a domain name (e.g., Google.com) and translates it to a specific network location (the IP address of Google’s servers). For IT managers, DNS is a tool that gives visibility into which devices are connecting to their network and where their traffic is being sent. And since more than 90% of malware uses DNS in some way, monitoring this traffic provides a critical early warning that can help identify malware infections. 

DNS monitoring provides a first layer of defense which can be used to automate a number of threat mitigating actions. For example, if a laptop is sending malicious DNS packets or attempting to reach a known malicious internet address, DNS monitoring can identify the request as soon as the device connects to the network and can be used to automate a response to quarantine the device. Or it can simply send an alert if an end host is suspected to contain malware, regardless of where it is physically located. 
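As an added illustration (not code from the article or from Infoblox), the following Python routine applies the test-and-trace idea to a few constructed DNS resolver log lines: it records when each device was seen on the network (tracing), flags queries to a blocklisted domain or queries whose leftmost label looks like encoded data (testing), and returns the set of devices to quarantine. The log format, the blocklist and the reserved `.invalid` domain names are assumptions made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample resolver log (not from the article): timestamp, client IP,
# queried name. ".invalid" is a reserved TLD, so these names are placeholders,
# not real indicators.
SAMPLE_LOG = """\
2020-06-15T08:01:02Z 10.20.1.15 www.example.gov
2020-06-15T08:01:05Z 10.20.1.15 update.example.com
2020-06-15T08:02:11Z 10.20.1.42 c2-beacon.malicious.invalid
2020-06-15T08:02:13Z 10.20.1.42 www.example.gov
2020-06-15T08:03:40Z 10.20.1.77 4a6f686e2e446f65.exfil.invalid
2020-06-15T08:03:41Z 10.20.1.77 5061737377307264.exfil.invalid
"""

# Constructed blocklist standing in for a threat-intelligence feed.
BLOCKLIST = {"malicious.invalid"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)$")

def parent_domains(qname):
    """Yield qname and every parent zone: a.b.c -> a.b.c, b.c, c."""
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

def looks_like_tunnel(qname):
    """Simple heuristic: a long, purely hexadecimal leftmost label is typical of
    data smuggled inside DNS names. Production tooling would add entropy and
    query-volume checks; this is deliberately minimal."""
    first = qname.split(".")[0]
    return len(first) >= 16 and re.fullmatch(r"[0-9a-f]+", first) is not None

def triage(log_text):
    """Return (devices, quarantine): devices maps client IP to first/last seen
    timestamps and a list of (timestamp, qname, reason) hits; quarantine is the
    set of client IPs with at least one hit."""
    devices = defaultdict(lambda: {"first_seen": None, "last_seen": None, "hits": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole run
        ts, client, qname = m.groups()
        d = devices[client]
        d["first_seen"] = d["first_seen"] or ts
        d["last_seen"] = ts
        if any(p in BLOCKLIST for p in parent_domains(qname)):
            d["hits"].append((ts, qname, "blocklisted-domain"))
        elif looks_like_tunnel(qname):
            d["hits"].append((ts, qname, "possible-dns-tunnel"))
    quarantine = {ip for ip, d in devices.items() if d["hits"]}
    return dict(devices), quarantine
```

The quarantine set is what an automated response (a NAC policy or a firewall rule) would act on; the per-device timeline is what an analyst uses afterwards to see where the device had been.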

The COVID-19 pandemic was an unforeseen event that upended the way that federal employees work and strained the resources and ingenuity of federal IT professionals. As employees return to the office, the threat posed by malware unwittingly brought back into the network could prove to be an equal, but longer-lasting, challenge.

We don’t know how much of an impact this new threat will pose, but we do know that it is one that agencies are going to face. Unlike the COVID-19 pandemic, we have a chance to prepare for it now, and to take steps to address this looming threat. However they choose to do so, IT managers must ensure that federal IT resources are as protected from infection as their colleagues. Failing to do so risks causing a virtual outbreak on top of our real-world pandemic.

Ralph Havens is the president of Infoblox Federal.