This week provided yet another demonstration of just how unprepared the federal government was to deal with the level of remote work that has been required by the COVID-19 outbreak. Congressman Jim Jordan revealed that a Congressionally-run oversight hearing with John Sopko, the Special Inspector General for Afghan Reconstruction, was “zoom-bombed” three times.
It’s not yet known what information the hacker may have heard while infiltrating the call. But the thought of conversations between members of Congress and an Inspector General being accessed by unknown hackers is extremely alarming.
Zoom’s security lapses have become well-known during the Coronavirus pandemic. Many of the security keys it uses are expired, its doesn’t use end-to-end encryption for video or audio, and at least some of the audiovisual data flows through Chinese servers. Still, the combination of ease of use and affordability (including a free option) is making it one of the most-used videoconferencing apps during the pandemic. Hundreds of meetings have been infiltrated, with hackers sometimes supplanting video feeds with profane or sexually explicit video. The fact that members of Congress would use it to conduct oversight is a sign of how fast people are having to move to get the people’s business done. But it points to the value of establishing and following processes designed to protect people and information.
Government investigative offices will have plenty of opportunities to draw lessons from the problems that arose from this incredibly disruptive time. While it might not be fair to pin blame on all of the people who make mistakes, that doesn’t mean the outcomes of those actions can’t be used to build better processes in the future. One of the most important findings may be that agencies need to have emergency protocols in place for known but unlikely risks that could jeopardize their functioning.
To learn how WingSwept can help your investigative agency function effectively no matter where you are working, call us at 855-667-8877 or email Team_CMTS@MyCMTS.com.