Technology platforms over the last several years have been crucial to holding powerful people and governments to account, an example being smartphone that give people instant access to filming capabilities that make it easier to document incidents of mistreatment and abuse.
Additionally, technology tools, particularly social media, are enabling societies across the globe to expand and demand civil rights. The world is now too interconnected, with technological advancements providing unprecedented access to information. In addition to utilizing this information keep governments in check, technology will continue to benefit the world’s poor by providing new access to necessary information.
This technology is not without flaws as social media has been used to promote election interference, hateful rhetoric, conspiracy theories, mob violence, online radicalization, and the spread of misinformation. It is incumbent on the world’s leading technology companies to increase regulation and explore alternative business models to avoid repeating the mistakes of early development.
Summarized from forbes.com
Foreign countries are targeting and compromising U.S. contractors so frequently that the Department of Defense (DOD) requested that the National Institute of Standards and Technology to develop custom security guidelines.
The result was 31 new recommendations for contractors to harden their defenses and protect unclassified but still sensitive government data including Social Security numbers and other personally identifying information.
Recommendations include implementing dual-authorization access controls for sensitive operations, employing networks segmentation where appropriate, deploying deception technologies, and employing threat-hunting teams and a security operations center to monitor system and network activity. Additionally, DOD has taken steps to beef up participation in information sharing programs and rolled out new cybersecurity standards for its contractor base.
These security guidelines are mandatory for approximately 65,000 primary and subcontractors who work with DOD. Implementing these guidelines can be an heavy financial burden but it is hoped that nonfederal organizations implement alternative, but equally effective security measures, using CMMC as a model.
Summarized from washingtontechnology.com
Big Tech is embedded in every level of government as millions of citizens have become comfortable working online with local, state, and federal agencies. Information is rarely more than a few clicks away for both law-abiding citizens and anyone bent on breaking the law.
Up until now, government IT has been focused mainly on function: process automation, implementation, and establishing network policies. Now highly publicized data breaches, election vulnerabilities, and the social media influence on everything from currency to health care, have resulted in government IT professionals and cyber-savvy lawmakers to move forward with purpose and speed to better data protection.
The Defense Department’s security-first initiative and its Cybersecurity Maturity Model Certification (CMMC) requirements protect every mission and ensure security in every vendor along the supply chain. With the move to the cloud, mission-critical priorities must be certified for security due to supply-chain exposure and third-party vendor risk. Under CMMC, all contractors will be required to meet new standards before they can respond to RFPs or renew contracts.
The expectation is that similar initiatives will spread across all federal, state, and municipal agencies. This security-first mentality will become a national government inspired standard that will be in contrast to the slow trickle-up security of the past decade.
Summarized from gcn.com
Portsmith, Virginia officials say that they are being attacked regularly by internet fraudsters and to guard their workplace, they want to make it harder to access public information. Emails, known as “phishing” appear to be from a trusted source and ask people to respond with sensitive information like account numbers of passwords.
To counter this practice, city officials have come up with a loose set of proposals to change the rules that regulate public access to government records. The changes would require people to provide a state ID when asking for data on more than five employees, allow government bodies to require written requests, and allow citizens who write government to opt out of having their “person identifiable information” released through public records requests.
Recent phishing examples include Washington where someone pretending to be a city vendor had staff wire $700,000 to their bank account and Baltimore where scammers shut down city computer systems at a taxpayer cost of $18.2 million.
Counter to this proposal are government watchdog agencies who contend that these policies will make it harder to hold public agencies accountable.
Twenty-three Texas towns, the majority of which were smaller local governments, were struck by a “coordinated” ransomware attack.
Ransomware is a type of malicious software, often delivered by email, that locks up an organization’s systems until a ransom is paid or files are recovered by another means. In many cases, the ransomware significantly damages computer hardware and linked machinery and can lead to days or weeks with systems offline.
State and local agencies assisted with the response with the Texas governor deploying cybersecurity experts to affected areas to assess damages and bring the local entities online. It was determined that the attack was initiated by a single entity, though they could not determine who was responsible.
Summarized from cnbc.com
Blockchain, the digital ledger technology, offers an immutable record of a transaction based on a distributed consensus algorithm. The technology gained notoriety through the use of bitcoin, the digital commodity.
Admittedly, the initial hype and confusion surrounding blockchain has been dramatic. Nonetheless, the current state of the technology is about employing the tool effectively, improving its interoperability, and pairing it with other advancing capabilities such as artificial intelligence (AI), machine learning, and the Internet of Things (IOT).
Experts indicate that over time the focus is going to be more on managing blockchains and using it like one more essential back office tool to lower costs.
Blockchain offers expanding capabilities for secure transactions as it becomes more user friendly and ready for prime time as it creates “an immutable, unchangeable, permanently verifiable record of a transaction.”
The process involves endorsing parties participating in a transaction that is recorded digitally as a block or group of records. The block and data are then mathematically linked to other blocks.
The digital ledger ensures that users can only transact with the assets or information to which they have been assigned within the blockchain, and this compartmentalizes or limits their interaction.
Users do not have to be computer scientists to implement a blockchain application. Its use should be a well thought out decision based on whether or not the new technology can be applied to solve problems. It is also recommended that blockchain is used in parallel to existing systems until metrics prove the value of blockchain.
Summarized from afcea.org
Maine has committed to spending more than $1 million on new software in light of Microsoft’s announcement that it will end support for Windows 7 in 2020.
The state has an established practice of replacing computers that are more than five years old. The problem facing the government is that after January 14, 2020 support for Windows 7 will come to an end, eliminating technical support, software updates, and security updates. The security patches are a crucial part of the operating system, forcing the state to upgrade 10,000 computers within the upcoming year.
Operational efficiency and security from ransomware attacks are the prime motivations for the move.
Summarized from GovTech.com
A federal cybersecurity agency and state government associations issued guidance on protecting city, county, and state governments from the growing threat of a ransomware attack.
The agency urged governments to take preventative action to protect their information technology systems from ransomware attacks that have cost municipalities millions in damage, ransom fees, and lost revenues.
They recommended three steps to improve resiliency against ransomware.
- Regularly back-up all critical agency systems and store the back-ups offline.
- Reinforce basic cybersecurity awareness among employees and remind them how to report incidents.
- Revisit and refine cyber incident response plans and have a clear plan in place to address a cyberattack when it occurs.
A ransomware attack on Baltimore is expected to cost the city $18 million and two Florida cities recently paid hundreds of thousands of dollars in ransom fees to recover their data. At least 170 city, county, or state governments have experienced a ransomware attack since 2013 according to the U.S. Conference of Mayors.
Blockchain technology is perhaps the most talked about and yet the most misunderstood emerging technology in the world today. Blockchain is a method for recording transactional information by storing, securing, and sharing data between separate parties.
Blockchain permanently records, in a sequential chain of cryptographic hash-linked blocks, the history of asset exchanges that take place between peers in the network. All the confirmed and validated transaction blocks are linked and chained from the beginning of the chain to the most current block. The blockchain acts as a single source of truth, and members of the blockchain network can view only those transactions that are relevant to them.
The blockchain revolution that has been taking hold at major corporations, among forward thinking policymakers, and with startup technologies, is making corporate and government operations more efficient and secure.
A May 2018 Deloitte survey of corporate executives found that 74 percent see a compelling case for the use of blockchain in areas from health care and real estate to cybersecurity and education. State and local governments also have begun to employ blockchain in land title and health provider registries.
Benefits include security and audit trails that are built into the way it creates immutable records of new data and transactions; the ease at which it can facilitate, record, and share data and transactions in a relatively frictionless fashion with little need for human interaction; the ability to consolidate across various systems; and its capacity to provide end-to-end visibility and transparency into an entire network.
Facial recognition technology provides a powerful tool for efforts to identify international terrorist groups and activities. Domestic use of the same technology for law enforcement purposes has generated a widespread call for regulation.
This technology can identify people’s faces and understand expressions which infringes on a core social space, more so than tracking online data. There is concern that use of facial recognition can threaten constitutional rights including racial and gender equality, freedom of speech and assembly, and the ability of the press to operate without the threat of retribution.
Currently, facial recognition algorithms are only as good as the data upon which they are based. To protect the public, it is vital that regulators establish strong and flexible safety standards. Using European standards as a model, the United States should adopt guidelines that will help build public trust by establishing limits on its use.
Summarized from The Hill