DOD lays foundation for permanent, secure telework
- By Lauren C. Williams
- Oct 29, 2020
While the Defense Department plans to beef up its primary telework platform, the Commercial Virtual Remote (CVR) environment, by next summer, it is also working on a more secure version, according to John Sherman, DOD's principal deputy CIO.
The Defense Department rolled out CVR earlier this year to accommodate teleworking in response to the pandemic. So far, over a million users are using it for telework, collaboration, calls and video conferences, but a permanent version of the Office 365-based capability is required to support higher-sensitivity, controlled unclassified information and mission critical information, Sherman said Oct. 28 during C4ISRNET's CyberCon event.
CVR currently holds a cloud security level of Impact Level 2, which is sufficient to support telework, he said. The new capability would need an Impact Level 5 that keeps the "same functionality" as CVR, which allows communication between access levels and with users outside of the Department of Defense Information Network, and permits users to bring their own approved devices.
"We're working to bake that into an enduring solution in the run up to June 2021 when we hand the baton off [from] CVR," Sherman said.
The pivot to telework-friendly tools seems to be spreading in the national security arena. National Security Agency CIO Gregory Smithberger, indicated in August that the NSA wanted to increase its use of Microsoft Office 365 across all classification levels.
But that broad adoption, especially with higher rates of telework, means cybersecurity becomes more important. Attempts to compromise DOD's network and users spiked practically as soon as the Defense Department directed personnel to use maximum telework in March. Sherman said that trend has continued with new threats increasing.
"Education has been critical," he said, "to get the word out to these users on these telework platforms that they do need to be extra cautious here -- and that we don't want to down-classify things or do something that's not proper and talk around things."
This article was first posted to FCW, a sibling site to GCN.
Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.
Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.
Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.
Click here for previous articles by Wiliams.