Because technology progresses rapidly and government does not, it is difficult for cyber security professionals to keep up with changing technologies. U.S. intelligence organizations are working constantly to keep up with continuously evolving threats, with constant awareness of the balance between privacy and protection.
The government needs to make certain that the public and private sectors are safe from threats including hacking and malware by providing constant vigilance and adaptability. Social media, unregulated for the most part, is often used by terrorists to recruit and spread propaganda. Currently, debate is ongoing regarding regulation of social media. Europe has already taken a step forward with General Data Protection Regulation (GDPR) which enhances the protection of personal information by creating stringent requirements for how to companies get permission to use customer data.
Tech companies now collect new types of data including voice data from always-on voice technologies including smartphones, virtual assistants, and smart home speakers. Unfortunately for users, the speed of technological development far exceeds the speed at which government can regulate and innovate, resulting in diminished protection of personal privacy.
What happens when a government system can’t do what it was designed and built for? The reality is that system failures are common in the public and private sectors and are often the result of design failure and/or lack of upkeep.
Large spikes in traffic, by example the IRS system failure crash on tax day 2018, are often the result of multiple points of failure including overloaded servers and browsers. In many cases government agencies are relying on systems that weren’t designed or tested for major traffic surges. For instance, the federal government has 4,500 web sites and 400 domains, 91 percent of which failed to perform in either mobile friendliness, speed, security, or accessibility.
Accountability rests with the government agency and its effective scrutiny of development contractors. Furthermore, it is suggested that every site should have a three-year lifecycle when it is taken down or renewed and updated for content, security, mobile-friendliness, and usability.
Summarized from fcw.com
Blockchain is a decentralized technology, a global network of computers that jointly manage a database, that can be applied to run governments more efficiently by providing open access to records and better delivery of services.
A pilot project by the Cook County Recorder of Deeds, which stores real estate transactions and records, used blockchain technology to store massive amounts of data. With the data in the public domain, the blockchain database can eliminate the flow for paper from one party to another, allowing access from a personal computer.
The pilot program consolidates property information that has been spread across multiple government offices. By employing asymmetric key cryptography, unauthorized access will be difficult, protecting information from outside access.
The same blockchain technology can be used to streamline a myriad of government services.
Summarized from nasdaq.com.
Click here to read about ATON’s Computer Networking services.
The Trusted Internet Connections (TIC) initiative was introduced to improve security in government by limiting the number of individual external network connections to the internet. With different connections for each agency or department it is nearly impossible to monitor and secure each connection.
Implementing TIC requires the creation of specific ingress and egress points that allow the opportunity to create secure connections. With the proliferation of data storage in the cloud, government agencies and departments have far less monitoring control than they did in simpler times. While the goal of the TIC program is to limit the number of internet connections, cloud computing relies on leveraging numerous internet access points for efficiency and speed.
A solution is to work with a cloud service provider to replicate TIC infrastructure in the cloud, implementing monitoring services to track who is accessing data and applications and from where.
For quite some time there have been only two main types of wireless networks – open and closed (which are secure and encrypted). Most people have used smartphones and other devices to log into open Wi-Fi networks in public places, using the wireless network rather that the slower cellular connection. But, use of the open connection invites attack.
A long-standing method used by attackers is the “man-in-the-middle” where hacking into an open network allows access to personal information by capturing wireless traffic and routing it to the bad guys’ computers. This process can be particularly harmful if a government worker at any level regularly visits an establishment with an open network and utilizes a smart device that is also used for government business.
The new Enhanced Open Security Standard based on Opportunistic Wireless Encryption (OWE) can help to solve the potential problem by establishing a “handshake” exchange where the initial connection between a device and the access point for the open connection is automatically encrypted. This can only occur when both the smart device and the access point have OWE in place.
Updating old IT systems can cost time and money in addition to disrupting work continuity. To remediate this issue on the Federal level, Congress appropriated $100 million for the Technology Modernization Fund to allow updating of aging systems. The main force behind modernization is the increased need for cybersecurity.
A study by the Fox School of Business at Temple University and the McCombs School of Business at the University of Texas-Austin determined that a one percent increase in new IT development spending results in a five percent decrease in breaches.
Modernization on any level must be approached with care because new systems generally incorporate advanced security technologies that may not be compatible with currently operating solutions, leaving new entry points for hackers. Additionally, a well conceived strategic approach to modernization would help prevent new attacks.
The National Archives and Records Administration (NARA) draft FY 2018 – FY 2022 Strategic Plan sets a timeline for modernization and digitization of federal records. It is indisputable that if the plan is successful, requirements for state, county, and local governments will soon follow.
On the federal level more than 500 million pages of records are scheduled to be digitized with NARA no longer accepting non-electronic records by the end of 2022. It is important that federal agencies ensure that they will be prepared to meet the new deadline and the local and state governments begin to consider conversion practices.
Among the consideration for the transition are:
- Optimizing storage space – The cost of real property dedicated to paper record storage is expensive and creates unnecessary risks. Additionally, the staff time needed to search, locate, and retrieve paper records is extensive compared to electronic search and recovery.
- Inventory stored records, both permanent and temporary – Records received by a government entity must be classified, recorded, and in many cases retained, increasing the investment cost in storage space and employee time.
According to NARA guidelines, “automating records management will not only reduce the burden of records management responsibilities on individuals but will make…government records and information easier to access…”
An additional consideration for records management is improved metadata tagging and analytics to simplify search and recovery, manage and track inventory, identifying risks, and projecting future needs.
PREPARE TO ENTER THE “KNOWLEDGE SOCIETY” (summarized from njbiz.com
With progress in technological development outpacing traditional market advancements, experts believe that there exists a societal shift from “the era of information overload to a new age where tools are available to distill that information into knowledge.” The contention at this stage of development is the economy has transitioned from a data society to an information society, and now to a knowledge society.
Big Data, the collection of massive amounts of consumer information, now can be managed with cloud based information to provide insight on how business and government should respond to public needs and wants. Advanced computing allows business and government to take full advantage of the data that is available.
Further, the introduction and advancement of cryptocurrency will have a significant effect on business and government. Whereas traditional currencies are backed but single entities including banks, cryptocurrency transactions are validated by sending them through the internet to a wide network that competes to confirm the transaction. At this time, cryptocurrency is not regulated by any government entity and had an estimated value in 2017 of $250 billion.
NJ-GMIS, an association of Government Information Technology leaders, has announced that the 3rd Annual Cyber Security Awareness Seminar is scheduled for Wednesday, October 24, 2018 from 7:00 A.M. to 12:30 P.M. at The College of New Jersey (TCNJ), 2000 Pennington Road, Ewing, New Jersey.
Cybersecurity experts, industry executives, and public sector professionals will present important information for government employees on cyber trends, resources, policies, and solutions.
Registration is complimentary for public sector employees. Peer to peer networking and a tour of the TCNJ Computer Science Department will be included in the day’s activities.
For information and registration email firstname.lastname@example.org or visit https://njgmis.seamlessdocs.com/f/r6nnjjtvdcof
Traditional IT has to make way for AI (summarized from InformationWeek)
The efficiencies that were realized in the transition that was made from a paper-based government operation to a computer-based information technology environment will be realized again with the transition to Artificial Intelligence (AI).
AI is “the theory and development of computer systems able to perform tasks that normally require human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages.” It will be a reliance on productivity that can collect, interpret, and utilize data at a scale beyond human ability.
It is recommended that if there are funds remaining in a current IT budget, it is time to begin to direct those funds to AI.