Two U.S. Senators expressed their concern that federal government employees could be undermining the United States' national security by using VPNs made by foreign companies.
In a letter dated 7 February 2019, U.S. Senators Marco Rubio (R-FL) and Ron Wyden (D-OR) brought up the issue of VPN usage in the federal government to Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA). They note how millions of users have downloaded VPNs over the past few years as these apps have grown in popularity. Of particular concern to them are those programs made by companies in foreign countries "that do not share American interests or values." Their fear is that foreign governments hostile to the United States could use those VPNs to target federal employees and thereby conduct surveillance of the American government. The two Senators therefore call on the U.S. Department of Homeland Security (DHS) to take action. As quoted in their letter:
...[W]e urge you to conduct a threat assessment on the national security risks associated with the continued use by U.S. government employees of VPNs, mobile data proxies, and other similar apps that are vulnerable to foreign government surveillance. If you determine that these services pose a threat to U.S. national security, we further request that you issue a Binding Operational Directive prohibiting their use on federal government smartphones and computers.
VPNs made by companies in foreign countries are just one of the digital security challenges facing the U.S. federal government. In 2018, researchers identified gaps in the government's policy surrounding the Internet of Things (IoT), for instance. There's also the issue of what long-term damage the 2018-2019 government shutdown might have done to U.S. digital security, including federal agencies' ability to attract skilled talent going forward. Given these obstacles, federal agencies would be wise to invest in a security solution that can help them defend against digital attacks as well as meet evolving compliance needs. Learn more here.