Pandemic response surfaces security gaps
Government’s response to the virus has revealed areas for improving cybersecurity, data sharing and emergency preparedness, experts say.
The changes to government security practices wrought by the COVID-19 pandemic are unlikely to dissipate when the virus does, current and former government officials said during a recent webinar.
“Public safety and in particular the intelligence community has access to more data … than they ever had,” former FBI Assistant Director Kevin Brock said. “The question becomes should they collect it and can they collect it constitutionally.”
He spoke during one panel an April 23 webinar titled “Flattening the Curve,” hosted by Carbyne, a public-safety technology firm. The event gathered state, local and federal officials to discuss how government’s response to the virus has revealed areas for improving cybersecurity, data sharing and emergency preparedness.
Because public-safety data is usually highly sensitive, officials have been reluctant to use it, but technological advances such as cloud security are making it easier to share securely -- and just in time. Public-safety data can be useful for contact tracing -- or monitoring the people potentially exposed to the coronavirus. To achieve this -- and protect privacy -- companies are looking to anonymize the data collected by apps that run in the background on smartphones.
Still, because the data is medical in nature, it falls under Health Insurance Portability and Accountability Act rules. “There is technology that can be leveraged to do this type of contact tracking, but it’s going to involve a large national conversation about … the limits of prudence,” Brock said.
Another double-edged sword in pandemic-response is bandwidth. The United States is in better shape to deal with a national emergency because of the amount of bandwidth available allows people to work from home, said Michael Chertoff, former secretary of the Department of Homeland Security.
“But I think it reveals two vulnerabilities. One is our infrastructure is being strained by the … new volume of traffic that is entering the networks,” Chertoff said. The other issue is security. “Most companies and certainly the government operate a reasonable degree of security on their official endpoints for people getting into the network either through a [virtual-private network] or at the office. All of a sudden … you have people using their home devices to get onto the network, and that has dramatically increased the surface area for attacks.”
The number of cyber threats against the government and the public have indeed spread along with the pandemic. The World Health Organization reported a five-fold increase in cyberattacks, while DHS’ Cybersecurity and Infrastructure Security Agency and the U.K.’s National Cyber Security Centre issued a warning on April 8 about “a growing use of COVID-19-related themes by malicious cyber actors.”
“From a technology standpoint, the impact is clearly how do we enable a remote workforce,” Brock said. “Even law enforcement is finding that they’re having to do more work from home -- patrol officers are still out on patrol, detectives are doing work remotely and making connections in a secure way,” he said. However, law enforcement and public safety agencies were largely unprepared for a wholesale shift to remote work. “They were making some strides, but this pandemic has become a forcing function for law enforcement to come to grips with that.”
Local emergency response centers are also grappling with different levels of telework preparedness. In Fairfax County, Va., solid continuity-of-operations plans (COOP) enabled 911 dispatchers to quickly begin working from home, said Steve Souder, director emeritus of the county’s Department of Public Safety Communications.
For others, the experience is revealing holes. “We thought we had a very good plan in place, but this has made us think outside the box,” said Katye Vogt, director of Fayette County, Ga., 911 Communications.
What’s more, now that most all emergency response agencies are overwhelmed, they can’t rely on one another to provide mutual aid as they normally would. As a result, emergency response officials must re-evaluate their COOP, said Tyrell Morris, executive director of Orleans Parish Communication District, which handles 911 and 311 calls in New Orleans.
“A lot of our plans were built heavily on failures of infrastructure, of space or equipment. A lot our plans failed to address the humanistic side,” Morris said. “This is an opportunity to redefine what efficient and effective government looks like.”