WFH, not WTH? The security challenges of working-from-home


  • Neal Kushwaha IMPENDO Inc., Ottawa, Canada
  • Piret Pernik NATO CCDCOE, Tallinn, Estonia
  • Bruce Watson IP Blox, Eindhoven, Netherlands



work from home, government, insider threats, foreign state actors, national interest


Under the coronavirus pandemic, governments and corporations around the world have adopted a work-from-home (WFH) mode of operations to continue governing and operating. Over a two year into the COVID-19 pandemic, many of us continue to work from home and a large majority have few plans to return to the office. Early on, governments and companies scrambled to increase Virtual Private Network (VPN) licenses and bandwidth capacities to take on the additional user load at a technical level. This allowed a near seamless continua of communications for common government unclassified information and corporate sensitive information of non-national interest using commercial software encryption. But what about information of national interest? A smaller number of individuals in key government departments, sometimes under staff rotations, continued to work in the office to serve these needs. Within weeks, government departments began deploying assets to access classified Secret systems from home. This paper discusses the WFH use of classified (e.g., Secret) IT systems while considering multiple security areas (physical, operational, personnel, IT, communication, and electromagnetic and radio-frequency emission) with focus on insider threats and foreign state actors, to describe the impact to the WFH public servant, the citizens, and the government. It describes the severe security challenges and risks governments have accepted under the pandemic, raising the question “what the heck were governments thinking?”