In October, ghosts and goblins come to life as decorations on front lawns and as candy-seeking children knocking on our doors. But stepping away from the frivolity of Halloween, October has also become a time for us to reflect on the real threats we face year-round when it comes to our data, identity privacy and online security.
National Cybersecurity Awareness Month (NCSAM), spearheaded by the Department of Homeland Security (DHS), is a "collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online." This year's theme is Own IT. Secure IT. Protect IT. Programs around the country will address topics including citizen privacy, securing consumer devices, and eCommerce security.
More than IT professionals talking to one another, NCSAM aims to reach out to the public to emphasize personal accountability and educate people about the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. The NCSAM website has some handy guides that can be shared to educate people on these actionable steps.
The Internet of Things (IoT) is made up of webcams, sensors, thermostats, microphones, speakers, cars, and even stuffed animals. All of these connected devices can help individuals and organizations stay connected across geographic distances, keeping tabs on and managing assets from miles away. The data they collect can be combined with other data sets to create actionable advice for better management and service.
This holds incredible promise for local governments and federal agencies charged with maintaining safe operating fleets and facilities. There's also the application for improving the routing of field technicians as well as traffic flow in general. But, as every superhero knows, with great power comes great responsibility.
As with any technology, IoT standards need to be developed for effective and safe use as well as to enable interoperability. NIST has been working on defining standards and recently released Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks, but no federal agency is currently claiming jurisdiction over IoT policy and rule-making. In this vacuum, the legislative branch is getting involved. This past November, the House passed the SMART IoT Act that tasks the Department of Commerce with studying the current U.S. IoT industry. A Senate bill was introduced to manage what types of IoT devices the government can purchase, ensuring that all IoT tech in government is patchable and has changeable passwords. Finally, states are even weighing in on the proper use of IoT in government. California passed the first IoT cybersecurity law, making device manufacturers ensure their devices have "reasonable" security features.
Blockchain is a complex technology that aims to streamline repetitive, data-intensive tasks. It has become more than a hot buzzword in government IT circles; it is already being put into practice.
One way to think of blockchain is as a database that is jointly managed by a distributed set of participants. Adding data requires the "sign off" of everyone in the chain, verifying that the transaction is legitimate. Because of this interconnectedness, it is inherently secure. Every piece is linked to another, so changing one piece will impact the rest of the chain (just like that one bulb going out on your Christmas lights), alerting all owners to an issue.
Government agencies are drawn to the security and transparency provided by blockchain to improve the efficiency and stability of processes requiring strict audit trails. NIST has provided guidance to help educate as well as encourage organizations to begin trying out blockchain approaches.
Every October, the cybersecurity community comes together to highlight how each of us plays a role in the security of not just our own online identities, but of cyberspace as a whole. This year, National Cyber Security Awareness Month, organized by the Department of Homeland Security, is celebrating its 15th anniversary. This month is a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online while increasing the resiliency of the Nation during cyber-threats.
The theme for 2018 is "Cybersecurity is our shared responsibility, and we all must work together to improve our Nation's cybersecurity." This focus on responsibility, both individual and organizational, is critical for a population becoming more and more dependent on Internet connectivity. A recent study found that while government tends to have better cyber hygiene than most industry sectors, overall, we are not doing all we can to secure our networks and all of the devices that connect to them. Only 50 percent of respondents said they were running authenticated scans and were able to patch vulnerabilities within a week of detection. Almost half use dedicated workstations and networks for administrative activities, but over 40 percent do not use multifactor authentication or don't require unique passwords for each system.
Biometrics is the use of an individual's unique physical and behavioral characteristics, typically for identification and access control. Fingerprinting, the oldest form of biometrics, can be used for much more than identifying criminals. Fingerprint sensors have long been in use to allow individuals to log in to their laptops, control physical access to buildings, track attendance of employees, and much more. Today, the focus is on improving facial recognition both for access to systems and facilities and as part of national security practices.
Facial recognition holds promise for accurately identifying who should and should not be in a specific place - whether that is a physical location like a building or an airport, or a virtual one like a set of classified files. However, the technology is not as reliable as the market requires. The impact of false positives and missed identities is measurably bigger when you are talking about identifying someone on a terror watch list rather than simply being locked out of your cell phone. There is considerable work being done to close the gaps between the promise of facial recognition and the reality of today's technology.
In a world where we are conducting more and more business online, biometric identification seems like a no-brainer for increasing the security of accessing personal data. But there is a privacy concern. Using biometrics means that organizations have access to very personal credentials, and a recent ruling showed that the FBI does not need to disclose what biometric data it has on citizens.