The Defense Department’s mandatory and voluntary work-from-home push this week to protect the workforce from the COVID-19 virus is straining IT systems, even as the government is asking employees to make modifications to limit their consumption of network resources.
The Joint Force Headquarters for Department of Defense Information Networks (JFHQ-DODIN) has already begun blocking streaming websites such as YouTube, Netflix and Pandora, and it may block social media sites too “to maximize operational bandwidth available for COVID-19 response,” reads a message from the Navy’s Information Dominance Directorate (OPNAV N2/N6) and Fleet Cyber Command/U.S. 10th Fleet.
Navy spokesman Joe Gradisher told USNI News that the Navy networks are being affected by so many remote users but that it would be JFHQ-DODIN’s decision to make regarding blocking social media websites.
Regarding the Navy’s networks, NMCI for users in the continental United States and One-Net for users outside CONUS, “as might be expected, the increase in users who are teleworking/social distancing is having effects. While the Navy’s IT Leadership works diligently to improve capacity as these requirements continue to grow, end users are being encouraged to adapt to ensure we can continue with mission assurance while teleworking,” Gradisher said.
According to the N2/N6 and 10th Fleet message, “We must be prudent and optimize the utilization of the available network resources. Currently, NMCI and ONE-NET can support roughly 240,000 simultaneous connections for Outlook Web Access (OWA) and 40,000 for Virtual Private Network (VPN) access.”
Already, just a week or so into the mass teleworking environment, Gradisher said that “data shows internal NMCI users are clogging Outlook Web Access (OWA) access needed for social distant users,” but he added that “our Navy Network team is maneuvering to make the best experience available to all users.”
On the Remote Access Service side, which could be used when Outlook Web Access is not available, the message notes that there are 159,000 government laptops issued and only room for 40,000 devices to be simultaneously connected.
“NAVWAR and PMW-205 are working to expand capacity, where possible, over the next several weeks,” the memo notes.
In some places, capacity cannot be expanded, though. For example, according to the message, a limited number of Mobikey and Enhanced Virtual Desktop (EVD)/Virtual Desktop Infrastructure (VDI) instances can be used to support telework, and Navy does not intend to negotiate any more licenses than it already has.
On the mobile device side, the Navy has issued 35,000 Blackberry Unified Endpoint Management (UEM) devices such as iPhones, iPads and other mobile devices, but bandwidth limitations would preclude the addition of new devices beyond those already issued.
The Navy cautions against taking actions to get around these bandwidth limitations, though.
“When using remote work options, information security is paramount. As we continue to operate in a remote work environment, we cannot allow ourselves to violate security protocols. Using personal e-mail and other commercial services (e.g.: Gmail, Zoom, WebEx, and others) for official business is not permitted. The potential vulnerabilities open the door for our adversaries to collect information that could be used against us. Getting the job done at the expense of information security is unacceptable. It is better that work be delayed than be done in a way that compromises information,” the message reads.
Recommendations from the Navy and DoD to safely telework while minimizing the strain on the networks include limiting use of “reply all” emails to reduce network traffic, using DoD SAFE for large or secure file transfers, working offline when possible, checking local internet connections or asking knowledgeable coworkers about connectivity issues before calling the IT service desk, providing alternate phone numbers other than desk phone numbers in out-of-office messages and email signatures while teleworking, closing applications such as email when not actively using them, and more.
The Navy’s message recommends prioritizing remote access options in the following order:
1) Mobikey and EVD.
2) Mobile devices with Blackberry UEM. Consider downloading all of the Blackberry Work/Edit/Access applications to get full capability, including the ability to edit documents. Reach out to your local support team for help in getting these apps on your phone.
3) Outlook Web Access. Ensure OWA users have a signed agreement and are well trained on OWA requirements and best practices. Command Access Card (CAC) readers are required for use with OWA. A CAC reader that has been used on a personal computer may NOT be brought back to work and used to connect to the DOD Information Networks (DoDIN). If a government CAC reader is brought home and used, it must remain at home. Individual commands will determine whether individuals should bring Government CAC readers home permanently to support OWA use. As heavy OWA use is expected during the implementation of these measures, users should connect periodically to stay updated, but disconnect afterward to facilitate access for other remote users. Users with government laptops should access email via OWA vice Remote Access Service (RAS) whenever possible to reduce RAS connection load. Naval Network Warfare Command (NETWARCOM) enabled OWA to support file download and upload when using Internet Explorer (IE) ONLY. Other browsers will not permit download or upload of attachments as files. The use of IE for file download and upload provides new, additional flexibility while using OWA and should relieve some of the need for RAS access.
4) Remote Access Service. Use in accordance with references (d) and (e). The ratio of government laptops to available connections is about four to one (159,000 devices with only 40,000 simultaneous connections available). Again, personnel with government laptops should connect via OWA for email access as a first option to limit RAS connection load. Use RAS when needed; personnel should only connect to download or transmit emails, or to access other resources only accessible by VPN, and then log off to reduce RAS connection load. Work offline until the next period needed to transmit/receive/access. NETWARCOM is implementing time restrictions on the VPN, so expect to be kicked off if you are logged on too long.