Some Good News (and a little bad news) about Our Government’s Cybersecurity

Alright, we’ll do bad news first. Not because I’m a cynic (I’m not), but because I want to get it out of the way and talk about some positive things that are happening with the federal government as they relate to safeguarding American citizens’ personal and private information.

The bad news is we are continuing to see data breaches of federal government agencies. The list of departments suffering hacks resulting in the compromise of the personal information of hundreds of thousands of Americans continues, with two additional breaches publicized this week:

IRS PINs stolen
“The Internal Revenue Service was the target of an attack that used stolen Social Security numbers and other taxpayer data to obtain PINs that can be used to file tax returns electronically.”

These latest breaches come on the heels of numerous other federal agency breaches, most notably the breach of the Office of Personnel Management (“OPM”) announced in June of last year, which involved the records of more than 18 million people (some accounts put the number closer to 21.5 million) and which has been described by federal officials as, “…among the largest breaches of government data in the history of the United States.” (Source: Wikipedia, Office of Personnel Management Data Breach).

Seriously outdated technology, such as the Social Security Administration’s system that still runs on a platform written in the 1960s in the COBOL programming language, is adding to cybersecurity challenges.

Ok, so that’s the bad news. What’s the good news, then? Well, the good news is that apparently (fingers and toes crossed), the feds have gotten the message and are now taking concrete steps to make changes towards securing the data of not only Americans who work for the government, but folks working in the private sector, as well.

According to news reports earlier this week, the Obama administration is taking a number of steps to “step up,” as it were, the cyber defenses of our Nation’s government, and to help guide private enterprise in the same mission. Here is a “short list” of what’s happening and what’s being requested:

  • the President sent to Congress a proposed 2017 budget that includes a request for $19 billion for IT upgrades and cyber initiatives (a 35% increase over 2016)
  • the President signed two (2) Executive Orders, that created two (2) new entities: (a) a Commission on Enhancing National Cybersecurity (CENC), and (b) a Federal Privacy Council (FPC)
  • the CENC “will be made up of business, technology, national security and law enforcement leaders who will make recommendations to strengthen online security in the public and private sectors. It will deliver a report to the president by Dec. 1”
  • the FPC “will bring together chief privacy officers from 25 federal agencies to coordinate efforts to protect the vast amounts of data the federal government collects and maintains about taxpayers and citizens.”
  • “The White House said it also plans to create the new position of Chief Information Security Officer to coordinate modernization efforts across the government, including a $3.1 billion Information Technology Modernization Fund.”
  • the Administration’s plans include “training and shared resources among government agencies” and “48 dedicated teams to respond to attacks”
  • recruiting top IT talent will also be prioritized and bolstered through student loan forgiveness programs and incentives
  • there are also plans to encourage multi-factor authentication and reduce the use of SSNs as unique identifiers for Americans

(Source: USA Today, Obama signs two executive orders on cybersecurity, by Gregory Korte, February 9, 2016)

There is a lot to like in these efforts, which if implemented should go a long way towards securing the private and personal information of millions of Americans. Of course, how long it will take and how effective these “good news” actions will be if and when they’re taken remain unanswered questions, the answers to which will say much about just how serious American elected officials are about cybersecurity and the privacy and security of their constituents.

 

 
