COVID-19 and Cyber Security

As COVID began to ravage the United States in February 2020, many agencies prepared for what was thought to be a short-term work from home or telework environment. Agencies ordered laptops, webcams, and additional monitors in addition to Person Protective Equipment for their essential workers. Now, a year later, people are asking themselves is this the “new norm?” Are we ever going to return to life as we knew it -without a mask permanently affixed to our faces? With the release of COVAX this is now a legitimate possibility.

 As the third COVID relief bill was just signed, an important aspect of the early versions of the bill was removed – additional funding for cybersecurity. The initial request for added funding came on the heels of the SolarWinds hack that had ripple effects throughout the government, as it showed the inherent vulnerabilities in our endpoint infrastructure. In government acquisition, cyber security is paramount. According to the Absolute 2019 Global Endpoint Security Trend Report “… 42 percent of endpoints are unprotected at any given time.” Now that an unprecedented number of full time employees, government and contractors alike, are working from home, extra steps need to be taken on all sides to protect the integrity of their data. What was once a concern for only classified and acquisition sensitive information is now a concern for all information, with cybercrime and data spills escalating as the world works from home. Cybercrime often uses emotions to manipulate computer users. Attackers have found new, effective strategies, using the panic the global pandemic has introduced. Phishing, and other cyber-attacks manipulate the fear and insecurity of all computer users to steal and destroy pertinent data.

President Biden stated in the National Strategic Security Guidance, “recent events show all too clearly that many of the biggest threats we face respect no borders or walls and must be met with collective action.” The pandemic is not just about the loss that has affected individual households, but bolstering our infrastructure through loans for the Small Business community, cyber security, information technology among others. Without the latest COVID bill providing the extra funding to boost the nation’s cybersecurity and information technology posture, it begs the question  – how is the government going to address this urgent national security issue?

Moreover, “The World Health Organization and [government authorities] are using digital systems to send and receive information about the nature and magnitude of infections, educate the public on how to prevent transmissions and instruct on what to do if infected.” Massively sensitive information is being transferred as quickly as possible, opening up opportunities for malicious attacks. The stage has widened and the target has narrowed, with the world focusing on COVID and using online-only resources to glean their information. Thus, the need for cyber security funds remains essential. Major investments in IT and cybersecurity are time consuming and costly. “…[Security] demands creative approaches that draw on all the sources of our national power: our diversity, vibrant economy, dynamic civil society and innovative technological base, enduring democratic values, broad and deep network of partnerships and alliances, and the world’s most powerful military.” Therefore, it is essential that these resources are used as effectively as possible, whether that be for daily responsibilities, or disaster response. Existing cyber contracts as constructed were unable to respond to unique surge requirements of COVID-19.

It is imperative that innovative procurement strategies are developed to meet these unexpected and unprecedented challenges. One solution our team at WBD has developed is to accelerate the move from acquisition Performance Work Statements (PWS) to a document called a Statement of Objectives (SOO). The more generalized requirements seen in an SOO allows for quicker response to rapid changes. Disruption and confusion is inevitable during times of change, but the acquisition space can be more prepared by reshaping the requirement while it’s being written. Well-crafted SOOs are one way to balance the detail required for optimal performance, with the inclusive and forward-leaning language that technology now demands.

As rapid changes in technology shape every aspect of our lives and our national interests, it shapes our procurement outlook and strategies as well. PWSs that put Anna Karenina to shame are on the way out and concise and agile Statements of Objectives are on the way in, allowing Contractors to be creative, advocating for new technology, and overall ensuring the effective use of taxpayer dollars. “America must reinvest in retaining our scientific and technological edge and once again lead, working alongside our partners to establish the new rules and practices that will allow us to seize the opportunities that advances in technology present.”

Ahmad, Tabrez. “Corona virus (covid-19) pandemic and work from home: Challenges of cybercrimes and cybersecurity.” Available at SSRN 3568830 (2020).

Okereafor, Kenneth, and Olajide Adebola. “Tackling the cybersecurity impacts of the coronavirus outbreak as a challenge to internet safety.” Int J IT Eng 8.2 (2020).