Pandemic Shifts Workforce Indefinitely
In the “new normal,” the workplace—and those within it—will never be the same.
COVID-19 has done more than increase hand-washing and mask-wearing. It has meant an entirely new way of communicating and collaborating. Those on the front lines say some of these changes are here to stay and will last much longer than the pandemic simply because they are more efficient ways to do business.
Bryan Ware and Jeff Reed discussed some of the global shifts in cybersecurity requirements these changes have brought with them. Ware is the assistant director, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), and Reed is a senior vice president and general manager of cloud solutions, Cisco.
The CISA team had to shift some of its priorities immediately to ensure all DHS agencies could conduct secure communications. This brought about efficiencies, Ware said. “It forced us to focus. We couldn’t do everything, so we focused on the important things,” Ware pointed out.
Focusing our efforts and improving business processes to conform to the virtual tools has led to better mission communication, better mission alignment, better focus on the important things and in most cases we're able to execute on the important things maybe even better than we would have had we all been [physically] together,” he added.
For example, communications, processes and meetings started to take place—and continue to occur—on a more scheduled basis. When a virtual room is only available for a specific amount of time, the discussion time is more efficient, in many cases because the participants prepped more, he related.
Communications also has improved because additional planning is done in writing rather than as ad hoc “in-the-hall chats,” he added. “It takes longer, but the information endures and proliferates,” Ware opined.
Changes also occurred on the technology side at CISA. In addition to adopting capabilities such as cloud-as-a-service sooner and faster than DHS most likely would have, Ware said, cybersecurity techniques like zero trust are getting serious study. “We didn't get to those efficiencies immediately, but over time we are seeing the gains, and that was a huge priority for me,” he says. “This COVID ‘boost’ has made it an obvious strategy.”
Reed watched Cisco’s customers move through what he called three stages. In stage one, some companies had distributed workers already, so moving to telework for a majority of their workforce was straightforward because they had virtual private networks (VPNs) in place. “Others, like financial services, had to figure out how to scale up,” he related.
Helping their clients wasn’t without challenges for Cisco, Reed admitted. While its customers’ demands increased, the company’s supply chain was affected by changes in commerce. Because many of its components come from China and Southeast Asia, Cisco had to determine how to get their customers “scaled up from a capacity perspective,” Reed explained.
During stage two, the company’s clients had to determine which security controls were most important in the new environment. Multifactor authentication saw a huge spike, he shared.
Reed said industry and government entities are now in the midst of stage three and asking, “How do I think of things more broadly, and how do I change the security controls I would normally use? Is there visibility on the endpoint? How much do I want to do on VPN?”
While network and data security have been at the top of all organizations’ lists, surprisingly Cisco’s own threat assessors found the number of cyber attacks has not increased during COVID, Reed shared. Instead, it is what is being attacked rather than the total amount of incidents.
Ware agreed, adding that now, because traffic on the VPNs has increased significantly, the number of attacks has remained similar to pre-COVID days, but adversaries’ focus has changed to the VPN, he offered.
To wrap up the panel session, Check asked the participants what they thought the pandemic signals the demise of in both industry and government.
Ware pointed out, “We have the opportunity to rethink the way and where we work. If we can work remotely right now, we don't have to hire all of our employees from the National Capital Region. We don't need as many people with top secret clearances if they're not accessing top secret information. We can leverage commercial and open-source data for our mission.”
These changes will open up a whole new workforce, he added. “They're going to reduce our facility costs, give us opportunities and accelerate the pace of operation and innovation,” he added.
Reed shared that the tools he currently uses to work remotely will likely remain as a result of these changes. “I'm working right now with endpoint protection, multifactor authentication and security on the applications. I'm not on VPN. So, where the users are, we can rethink what the access pattern looks like to be efficient and capable,” he said.