A “phishing” scam resulted in erroneous access to social security numbers, medical information, employment records, and financial details stored in the Minnesota Department of Human Services computers.
Phishing is a type of email fraud that attempts to trick a person into providing sensitive information including passwords and financial data. Phishing is often an easier way to steal information than hacking into an entire computer system.
Phishing email characteristics include: the appearance of real emails or web pages; suspicious attachments; prize or trip offerings; and requests for urgent action. The compromised data is often used for additional phishing attacks.
Signs that a phishing email has arrived include: links embedded in messages that display a weird address when hovered over by a mouse; spelling mistakes and poor grammar; a vague salutation; a request for personal credentials; threatening or urgent language; unexpected attachments; or a vague signature.
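Several of the signs listed above can be checked automatically before a message reaches a reader. The following is an added example, not part of the summarized article: a Python sketch that flags a displayed link address that differs from the real target, urgent language, a request for credentials, a vague salutation, and the presence of an attachment. The word lists, function names, and sample message are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

PATTERNS = {  # illustrative word lists (an assumption), not a vetted rule set
    "urgent_language": re.compile(r"\b(urgent|immediately|within 24 hours|suspended)\b", re.I),
    "credentials_request": re.compile(r"\b(password|social security number|credentials)\b", re.I),
    "vague_salutation": re.compile(r"\bdear (customer|user|employee|sir or madam)\b", re.I),
}
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):  # hostname of a URL; also accepts scheme-less text like example.gov/x
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def phishing_signs(raw_email):
    msg = message_from_string(raw_email, policy=policy.default)
    signs, text = set(), msg.get("Subject", "")
    for part in msg.walk():
        if part.get_filename():
            signs.add("attachment")  # a reviewer decides whether it was expected
        elif part.get_content_maintype() == "text":
            text += "\n" + part.get_content()
    signs.update(name for name, rx in PATTERNS.items() if rx.search(text))
    collector = LinkCollector()
    collector.feed(text)
    for href, shown in collector.links:
        if LOOKS_LIKE_URL.match(shown) and host(shown) != host(href):  # shown site != target
            signs.add("link_mismatch")
    return signs

SAMPLE = ('Subject: URGENT: mailbox will be suspended\n'  # constructed, not real mail
          'Content-Type: text/html\n\n<p>Dear user, confirm your password at '
          '<a href="http://login.example.org/verify">https://portal.example.gov/login</a></p>\n')
```

Calling phishing_signs(SAMPLE) returns the names of the signs found; a message whose link text matches its target and that uses none of the listed phrases returns an empty set.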
Technology exists that can help to prevent phishing attacks; funding for it is an issue being addressed by the Minnesota legislature.
Summarized from West Central Tribune
State legislators are contemplating legislation that will push state government to go paperless. The bill will establish a task force to examine the feasibility of transitioning to digital records. The task force goal is to lower costs and minimize waste while streamlining operations, assessing risks, determining necessary modifications to state law, and defining cybersecurity protections.
Over the past decades public and private sector entities have moved many operations online including electronic banking and bill paying, direct deposit of salaries, and preparation of meeting packets.
Though efficiencies and money savings are positives, negatives to be addressed include cyber threats and improper destruction of electronic information.
The Task Force will have one year following formation to report its recommendations.
Summarized from govtech.com
The recently ended partial government shutdown has weakened cybersecurity with both immediate and longer-term negative consequences. While many essential cybersecurity functions continued, the jobs were made harder because other IT staff who would normally implement routine fixes were furloughed.
Close to half of the employees within the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) were furloughed, as were eighty-five percent of the National Institute of Standards and Technology workers. These are the employees who help private- and public-sector companies stay up to date on the latest cyberattacks and mitigation techniques.
Among the most critical problems during the shutdown was the suspension of basic maintenance procedures. Cybersecurity functions otherwise deemed “essential” suffered because of a lack of incoming information and assistance from other government agencies. Additionally, during the shutdown malware may have been implanted that will last long past the time when the deal was reached.
A Unisys survey of more than 2,000 people in eight states showed that people who prefer mobile engagement want a single app to download for access to all government services. About a third of the people surveyed want to use their mobile devices with half of those wanting a single point of access.
The greatest barriers to online engagement between the populace and government are privacy and security issues. Two-thirds of the respondents were concerned about how their data would be used by the agency and how the personal data would be protected.
Additional conclusions are that computers and tablets are preferred for complex tasks, including paying taxes or renewing licenses, and mobile devices are preferred for simpler tasks, including obtaining general information or reporting incidents. A large number of people surveyed want to see the government share data for limited purposes related to strengthening security or increasing efficiency.
Summarized from PR Newswire
According to the U.S. Census Bureau, nearly one in five Americans have a disability, including vision or hearing loss or mobility impairment. In many cases this prevents this population from accessing important government information when the web sites have not been created with accessibility considered in the original design.
According to a recent study of 400 state government websites by the Information Technology and Innovation Foundation (ITIF), 41 percent failed the accessibility test which prevented someone with a disability from accessing important public information including election information, obtaining a driver’s license, and paying taxes.
Government agencies should begin adhering to an “accessibility first” strategy designing websites to be accessible for people with disabilities from the outset as this will make e-government services better for everyone.
Summarized from Government Technology Magazine-October/November 2018
As modernizing information systems by government is becoming increasingly important, agencies can no longer afford to operate the same old way due to the volume, processes, and governance required to serve citizens.
As the scale of necessary information increases, document management (DM) and Enterprise Content Management (ECM) systems no longer can deliver the necessary level of service. Governments that fall behind on new technology cost taxpayers.
A Content Services Platform (CSP) is a more efficient and effective means of collecting and making available necessary information. An investment in CSP will provide an information hub allowing employees and citizens to access and share information without searching across multiple applications. CSPs are low-code/no-code platforms that allow a wide range of people to contribute to the delivery of business applications. Additionally, CSPs can be built to provide classification, recognition, and prediction capabilities for the increasing amount of information that needs to be processed daily.
Summarized from machinedesign.com
Because technology progresses rapidly and government does not, it is difficult for cyber security professionals to keep up with changing technologies. U.S. intelligence organizations are working constantly to keep up with continuously evolving threats, with constant awareness of the balance between privacy and protection.
The government needs to make certain that the public and private sectors are safe from threats including hacking and malware by providing constant vigilance and adaptability. Social media, unregulated for the most part, is often used by terrorists to recruit and spread propaganda. Currently, debate is ongoing regarding regulation of social media. Europe has already taken a step forward with the General Data Protection Regulation (GDPR), which enhances the protection of personal information by creating stringent requirements for how companies get permission to use customer data.
Tech companies now collect new types of data including voice data from always-on voice technologies including smartphones, virtual assistants, and smart home speakers. Unfortunately for users, the speed of technological development far exceeds the speed at which government can regulate and innovate, resulting in diminished protection of personal privacy.
What happens when a government system can’t do what it was designed and built for? The reality is that system failures are common in the public and private sectors and are often the result of design failure and/or lack of upkeep.
Failures under large spikes in traffic, for example the IRS system crash on tax day 2018, are often the result of multiple points of failure including overloaded servers and browsers. In many cases government agencies are relying on systems that weren’t designed or tested for major traffic surges. For instance, the federal government has 4,500 web sites and 400 domains, 91 percent of which failed to perform in either mobile friendliness, speed, security, or accessibility.
Accountability rests with the government agency and its effective scrutiny of development contractors. Furthermore, it is suggested that every site should have a three-year lifecycle, at the end of which it is taken down or renewed and updated for content, security, mobile-friendliness, and usability.
Summarized from fcw.com
Blockchain is a decentralized technology, a global network of computers that jointly manage a database, that can be applied to run governments more efficiently by providing open access to records and better delivery of services.
A pilot project by the Cook County Recorder of Deeds, which stores real estate transactions and records, used blockchain technology to store massive amounts of data. With the data in the public domain, the blockchain database can eliminate the flow of paper from one party to another, allowing access from a personal computer.
The pilot program consolidates property information that has been spread across multiple government offices. By employing asymmetric key cryptography, unauthorized access will be difficult, protecting information from outside access.
The same blockchain technology can be used to streamline a myriad of government services.
Summarized from nasdaq.com.
The Trusted Internet Connections (TIC) initiative was introduced to improve security in government by limiting the number of individual external network connections to the internet. With different connections for each agency or department it is nearly impossible to monitor and secure each connection.
Implementing TIC requires the creation of specific ingress and egress points that allow the opportunity to create secure connections. With the proliferation of data storage in the cloud, government agencies and departments have far less monitoring control than they did in simpler times. While the goal of the TIC program is to limit the number of internet connections, cloud computing relies on leveraging numerous internet access points for efficiency and speed.
A solution is to work with a cloud service provider to replicate TIC infrastructure in the cloud, implementing monitoring services to track who is accessing data and applications and from where.