Maine has committed to spending more than $1 million on new software in light of Microsoft’s announcement that it will end support for Windows 7 in 2020.
The state has an established practice of replacing computers that are more than five years old. The problem facing the government is that after January 14, 2020 support for Windows 7 will come to an end, eliminating technical support, software updates, and security updates. The security patches are a crucial part of the operating system, forcing the state to upgrade 10,000 computers within the upcoming year.
Operational efficiency and security from ransomware attacks are the prime motivations for the move.
Summarized from GovTech.com
A federal cybersecurity agency and state government associations issued guidance on protecting city, county, and state governments from the growing threat of a ransomware attack.
The agency urged governments to take preventative action to protect their information technology systems from ransomware attacks that have cost municipalities millions in damage, ransom fees, and lost revenues.
They recommended three steps to improve resiliency against ransomware.
- Regularly back-up all critical agency systems and store the back-ups offline.
- Reinforce basic cybersecurity awareness among employees and remind them how to report incidents.
- Revisit and refine cyber incident response plans and have a clear plan in place to address a cyberattack when it occurs.
A ransomware attack on Baltimore is expected to cost the city $18 million and two Florida cities recently paid hundreds of thousands of dollars in ransom fees to recover their data. At least 170 city, county, or state governments have experienced a ransomware attack since 2013 according to the U.S. Conference of Mayors.
Blockchain technology is perhaps the most talked about and yet the most misunderstood emerging technology in the world today. Blockchain is a method for recording transactional information by storing, securing, and sharing data between separate parties.
Blockchain permanently records, in a sequential chain of cryptographic hash-linked blocks, the history of asset exchanges that take place between peers in the network. All the confirmed and validated transaction blocks are linked and chained from the beginning of the chain to the most current block. The blockchain acts as a single source of truth, and members of the blockchain network can view only those transactions that are relevant to them.
The blockchain revolution that has been taking hold at major corporations, among forward thinking policymakers, and with startup technologies, is making corporate and government operations more efficient and secure.
A May 2018 Deloitte survey of corporate executives found that 74 percent see a compelling case for the use of blockchain in areas from health care and real estate to cybersecurity and education. State and local governments also have begun to employ blockchain in land title and health provider registries.
Benefits include security and audit trails that are built into the way it creates immutable records of new data and transactions; the ease at which it can facilitate, record, and share data and transactions in a relatively frictionless fashion with little need for human interaction; the ability to consolidate across various systems; and its capacity to provide end-to-end visibility and transparency into an entire network.
Facial recognition technology provides a powerful tool for efforts to identify international terrorist groups and activities. Domestic use of the same technology for law enforcement purposes has generated a widespread call for regulation.
This technology can identify people’s faces and understand expressions which infringes on a core social space, more so than tracking online data. There is concern that use of facial recognition can threaten constitutional rights including racial and gender equality, freedom of speech and assembly, and the ability of the press to operate without the threat of retribution.
Currently, facial recognition algorithms are only as good as the data upon which they are based. To protect the public, it is vital that regulators establish strong and flexible safety standards. Using European standards as a model, the United States should adopt guidelines that will help build public trust by establishing limits on its use.
Summarized from The Hill
Though Americans want more control over their data, little is being done by the federal government to update regulations. To fill the gaps, other agencies are enacting regulations to provide some solution to the problem.
In spring, 2018, European nations enacted sweeping privacy standards known as the General Data Protection Regulation (GDPR) to enable greater control over how personal information is gathered and used. In the U.S., citizens do not have much say over the matter.
The issue of data privacy is linked to Internet use, making it a component of interstate commerce, a federal regulatory issue upon which Congress has yet to act.
When the California Consumer Privacy Act (CCPA) becomes effective in 2020, residents will: know what personal data is being collected about them; know whether their personal data is sold or disclosed and to whom; be able to opt out of the sale of their personal data; and access their personal data.
In Arkansas, the Chief Privacy Officer ensures that government is not being too heavy-handed with personal data by reviewing all pertinent legislation.
Hurdles to implementing privacy regulations on a state or local level comes from businesses who see the regulations as a burden; lack of expertise in defining and enforcing privacy regulations; uncertainty about legal ramifications; and technical issues.
Summarized from Govtech
As government collects more citizen data and cyberattacks increase in frequency, states are hiring chief privacy officers to keep data secure. As technology becomes more sophisticated and government collects more personal data, cybersecurity attacks will expose more people’s personal information.
To combat the issues 13 states have hired chief privacy officers (CPOs), including New Jersey. The CPO manages legal risk, ensured compliance with privacy doctrines, and creates standards around data privacy as governments collect more data and share it between agencies.
Nearly all CPOs come from legal backgrounds and operate in the Information Technology department. The role of CPO adds value to the data protection efforts statewide and sends a message that privacy best practices should be considered whenever processing data.
Summarized from govtech.com
Using artificial intelligence (AI) adds trillions of dollars in value to goods and services each year with Amazon dispatching items to regional hubs in anticipation of purchases and small businesses using AI resources for Google and Facebook to target advertising.
But governments have been slow to apply AI to their policies and services. In theory, AI could be applied to the educational needs of children; to fit healthcare to the genetics and lifestyle of patients; help predict and prevent traffic deaths, street crime, costs of floods, disease outbreaks, and financial crises; all with state-of-the-art modeling.
Influencing progress is the fact that governments have struggled with more simple technologies, witnessed by the web site failure at the launching of the Affordable Care Act in 2013 and similar failures.
Technological innovation is essential for governments to maintain a position of authority in a data intensive world. The core tasks of governments, enforcing regulation, setting employment rights, and ensuring fair elections requires an understanding of data and algorithms.
Government interactions with citizens generate trails of digital data. Among other possibilities, AI can use this data to personalize public services developed and adapted to individual circumstances; enable government to forecast more accurately, predicting trends and events; and stimulate complex systems to experiment with different policy options to spot unintended consequences.
Summarized from nature.com
With state governments receiving hundreds of thousands of cybersecuity alerts daily, a need is created to develop a new plan to fight threats and attacks. Each alert may or may not represent a relevant threat and determining even one suspicious event consumes significant staff time and resources. Government must develop more efficient methods for identifying critical indicators from the multitude of events.
Artificial intelligence and machine learning are options for solving this problem. One version of AI maps events to machine learning data models that execute an algorithm built from past samples to classify an event as benign or a threat.
- AI strengthens cybersecurtity defense by:
- Scanning large volumes of events from multiple sources
- Identifying variations from typical network traffic patterns
- Grouping related security events and notifying security personnel about potential threats
- Watching IoT (Internet of Things) network entry points
Cybersecurity is full of grey-area challenges but by incorporating deep learning principles with state-of-the-art machine learning algorithms cybersecurity will continue to improve. The perfect AI does not yet exist but it remains an effective security tool.
Summarized from Government Technology
Most local governments are not racing to adopt blockchain technology, currently in its early stages of development.
Blockchain functions as a transaction ledger that can only have “blocks” of information added but not altered. Cryptography ties new blocks to preceding blocks in a chain by having hundreds of computers and servers in the network solve the same mathematical proof (mining) in order to validate the transaction.
Reports of people investing in cryptocurrency scams (ex. 51 percent attack) where hackers accumulate 51 percent of a central processing unit power in order to rewrite a transaction history, has raised concerns about blockchain.
Local governments have expressed interest in private blockchains like the IBM Hyperledger because it is a permissioned network where participants agree on the party doing the mining. In addition, local governments have used blockchain with smart contracts where the terms of the agreement are coded into a blockchain and self-executed.
An additional concern is that a single transaction uses as much energy as the average U.S. household uses in a day.
Summarized from nextgov.com
Back to Blog.
Atlanta suffered one of the highest profile cyberattacks against a U.S, target when the ransomeware virus SamSam wreaked havoc on nearly every part of the city government.
The virus infected financial systems, court systems, customer relationship systems, and service desk systems, resulting in a massive loss of data that needed to be recovered. When logging on to these systems, employees were greeted with an anonymous request for a bitcoin payment amounting to $51,000.
A system audit prior to the attack showed that nearly 100 government servers were running a version of Windows that Microsoft stopped supporting years earlier and as many as 2,000 other vulnerabilities turned up, making Atlanta a prime target.
The initial recovery steps were to implement fundamental practices including better password management and greater restrictions on access to sensitive systems. In addition, the city migrated many critical applications to a hybrid cloud service to improve security.
State and local governments need to develop a collaborative action plan ahead of time in order to effectively respond to ransomware and similar cyberattacks.
Summarized from StateScoop