VPN and teleconferencing security spending will enable home networking

A White House request for $45.8 billion of emergency funding to help government agencies respond to the escalating coronavirus crisis earmarks tens of millions of dollars for bolstering cybersecurity defences.

Issued by the Office of Management and Budget on Tuesday (March 17), the proposal includes cybersecurity among its spending targets for the $47 million allocated to the Department of Homeland Security (DHS).

Multimillion-dollar boosts for the Department of Energy, Department of the Interior, and National Archives and Records Administration also feature in the plan.

The plan was issued on the same day the Trump administration put a $1 trillion stimulus proposal before Congress.

Home working drive

The proposal for emergency federal funding makes frequent reference to teleworking, amid concerns that the mass migration to home working could leave government agencies and private organizations vulnerable as their security perimeter suddenly expands.

Teleconferencing, virtual private networks (VPNs), and network security upgrades are all highlighted as spending priorities in the proposal sent to Capitol Hill.

The funding allocations that reference cybersecurity support include:

  • $47 million for the Department of Homeland Security – to meet IT requirements including expanded conference call capabilities, cybersecurity measures, and virtual private networks, as well as cleaning costs and personal protective equipment
  • $21 million for the Department of Energy – to meet IT requirements, including teleworking and cybersecurity costs
  • $17 million for the Department of the Interior – for network security upgrades to reduce cybersecurity risks, including servers managed for other agencies
  • $5.5 million for the National Archives and Records Administration – to provide electronic remote access for all employees, including hardware and cybersecurity upgrades

One notable exception for cybersecurity-related funds is the Cybersecurity and Infrastructure Security Agency (CISA), which provides cybersecurity advice and resources to federal agencies.

CISA, which is part of the DHS, was instead allocated funds of just $30,000, for six months’ worth of personal protective equipment for CISA personnel.

Critical infrastructure in the age of Covid-19

CISA provides alerts about security issues, vulnerabilities, and exploits in IoT, web, mobile, and critical systems applications – including guidance issued yesterday (March 19) for managing critical infrastructure workers during the Covid-19 outbreak.

The US federal emergency funding proposal comes as cybercriminals continue to exploit the global health emergency, which has so far led to more than 200,000 infections and more than 8,700 deaths worldwide.

There has been a spike in phishing scams impersonating trusted health bodies like World Health Organization and the Centers for Disease Control and Prevention (CDC), a US federal agency, while the US Department of Health and Human Services was hit by a suspected DDoS attack on March 15.

The cyber-resilience of the healthcare sector, which has become a prime target for ransomware attacks, is a particular concern as the industry prepares for a surge in patients infected with Covid-19.

Although some cybercrime gangs have pledged a ceasefire on targeting hospitals during the crisis, a Czech hospital that conducts coronavirus testing fell victim to ransomware on March 13.

The Daily Swig has contacted CISA for comment on its expectations for federal funding.

RELATED Coronavirus pandemic fuels phishing and malware surge