At a glance.
- CISA issues guidance on continuity of operations for critical infrastructure.
- Federal agencies grapple with remote work policies.
- Industry groups ask California to delay CCPA enforcement.
- US-Iranian tensions continue, with US sanctions and Iranian disinformation.
US telework policies show centralized guidance and support, decentralized planning and execution.
There’s been a great deal of discussion of how the public and private sectors will need to organize their work during the pandemic. As the Voice of America and others point out, the risk of cyberattack rises with the incidence of telework, and so security considerations assume a correspondingly greater importance.
Not all work, however, can be done remotely, and, as the White House put it Monday, “If you work in a critical infrastructure industry, as defined by the Department of Homeland Security, such as healthcare services and pharmaceutical and food supply, you have a special responsibility to maintain your normal work schedule.”
With that in mind, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, CISA, has issued guidance for how organizations should consider organizing their work (and employees) during the present COVID-19 emergency. CISA stresses that the recommendations are advisory in nature, but they do suggest how organizations might decide who needs to report, physically, to the job and who might work remotely. They also suggest ways of arranging workplaces and work schedules to “reduce the likelihood of spreading the disease.” A number of the jobs the recommendations discuss are directly concerned with cybersecurity.
The sectors CISA discusses include: healthcare and public health; Law enforcement, public safety, and first response; food and agriculture, energy (and that includes not only electrical power, but oil, gas, and renewables); water and wastewater; transportation and logistics; public works; communications and information technology; other community-based government operations and essential functions (one example CISA discusses is hospitality--if local governments and organizations are given access to hotels for quarantine or emergency housing, then these assume a criticality they wouldn’t normally have); critical manufacturing (that is, manufacturing that supports the other critical sectors); hazardous materials; financial services; the chemical industry; and, finally the Defense Industrial Base.
CISA encourages some specific measures, including letting people work remotely wherever possible, but the document is careful to emphasize that there’s an important element of decentralization in any effective response. As CISA puts it, “Response efforts to the COVID-19 pandemic are locally executed, State managed, and federally supported.”
Federal agencies continue to work on their own remote work policies.
The US Department of Defense is among those grappling with telework during the pandemic emergency. As Politico quotes opinion around the Pentagon, "Every other workplace is saying go home, but there are quite a few people in the building that are not mission-essential." Many contractors in particular remain required by the terms of their contracts to work on-site, and industry groups are appealing to both Congress and the Administration for relaxation of those rules in ways that would facilitate remote work, Federal Times reports. Federal News Network is maintaining a useful, continuously updated site devoted to tracking agencies' remote work and other coronavirus-related policies.
Industry groups ask California to delay CCPA enforcement during the COVID-19 emergency.
More than thirty industry groups have petitioned California's Attorney General to postpone enforcement of the California Consumer Privacy Act until the coronavirus crisis is closer to resolution, the Association of National Advertisers says. They need time to implement the measures CCPA requires, and they believe implementation will be effectively impossible until the emergency is over and work returns to something more closely resembling normal.
The US declines to relax sanctions against Iran.
The US this week unambiguously told Iran that it had no intention of relaxing sanctions imposed on the regime for what the US has long characterized as Tehran’s support of terror. Iran called the decision “cruel,” coming as it did during a pandemic. The Wall Street Journal’s report notes that yesterday the US Treasury Department added five companies to the list of those sanctioned, in this case Emirati-based firms accused of serving as conduits for Iranian oil exports.
Iran appears to have suffered particularly badly from COVID-19, with an acknowledged 17,361 cases, 1135 of which have proven fatal, Foreign Policy reports. The Islamic Revolutionary Guard Corps has mounted a domestic influence campaign to place responsibility for the pandemic on its two usual suspects: the US and Israel, the Great Satan and the Lesser Satan. The virus originated, the disinformation says, as a US biowar program that Zionists have moved the US to use in a campaign of biological terror against Iran.