National Cybersecurity Strategy: Building a More Secure Future

In March, the Biden Administration released the latest guidance aimed at improving the cybersecurity practices of Federal agencies. The National Cybersecurity Strategy builds on the Executive Order for Improving the Nation's Cybersecurity that makes cybersecurity a strategic focus of every agency. This latest guidance drills further into the actions needed to ensure that government systems and citizen data are protected against the ever-evolving threat landscape.

The goal of the strategy is to "rebalance the responsibility to defend cyberspace" and "realign incentives to favor long-term investments." To do this, the responsibility for cybersecurity must be shifted to the organizations that are most capable and best-positioned to reduce risks. It points out that, "a single person's momentary lapse in judgment, use of an outdated password, or errant click on a suspicious link should not have national security consequences." While security is the responsibility of everyone, small businesses, small localities, and individuals simply do not have the resources to support the security needed to protect systems and data. Instead, the guidance proposes new incentives to favor long-term investments in security, resilience, and new technologies. Continue reading

Creative Solutions to Close the Cybersecurity Skills Gap

In the last 12 months, more than 769,000 cybersecurity jobs were posted in the United States. Unfortunately, there are not enough trained cyber professionals to meet this need across government and private industry, but the roles need to be filled. A report issued by the Government Accountability Office (GAO) in late 2021 named the cybersecurity skills gap as a leading cause of risk for Federal agencies. To meet this need and risk head-on, the government is coming up with creative ways to fill cyber positions.

Funding Scholarships

The DoD had been looking to set up military-style academies focused on cyber education; however, the direction has shifted in the latest National Defense Authorization Act. The latest proposal recommends establishing a DOD Cyber and Digital Service Academy within existing universities and colleges. This means that students studying certain cyber and digital service disciplines could receive up to five years of tuition and room and board. In exchange, recipients would agree to work for the DoD for the same number of years that they received the scholarship. This is not unprecedented. The National Science Foundation's CyberCorps Scholarship for Service Program has been in place since 2000. It has placed over 4,500 people in government organizations including DoD, the National Security Agency and state and local governments in return for their scholarship. Continue reading

Schools Have to Learn the ABCs of Ransomware

Ransomware has traditionally been a practice where cybercriminals encrypt data and demand ransom in exchange for a decryption key. More recently, a growing number of these bad actors threaten to make this information public if they do not get paid. This shift in the practice of ransomware has increased the "attractiveness" of K-12 schools for cyber criminals. Information about children is among the most highly protected data there is, making it more likely ransoms will be paid to keep it private. For this and other reasons, K-12 schools are seeing an increase in ransomware activity. In 2021, there were at least 62 reported ransomware cases as compared to only 11 in 2018. 2021 also saw ransomware as the most common cyber incident for K-12 schools for the first time ever.

What Gets Compromised in a Ransomware Attack?

An incident in 2020 involving Fairfax County, VA Public Schools resulted in employee social security numbers being posted online. Hackers targeting a school district in Allen, Texas emailed parents with threats to expose their childs' personal information if educators did not pay a ransom. Showing the full swing of ransomware impacts from the serious to the mundane, a 2022 attack on the Griggsville-Perry School District in Indiana had many records compromised and leaked including a detention slip from December 2014 for a student who would not stop interrupting his health class. This shows the breadth of access that hackers had to documents and has led many schools to reexamine their file retention policy to reduce the amount of data accessible to bad actors. Continue reading

Socrata Powers–and Benefits From–Open Data Movement in Government

Originally posted by Benjamin Romano on Xconomy

Drawing on an unprecedented amount of government data that is easier to access than ever before, more than 11,000 software developers, entrepreneurs, students, and others across the country devoted part of last weekend to building technologies designed to help local, state, and federal governments solve problems and improve their communities.

The firstáNational Day of Civic Hackingáencompassed events in 83 cities includingáDetroit, where an understaffed city department sought helpáanswering its phones; Denver, where the winning teamábuilt an app that helps visitors find legal marijuana dispensaries; and Seattle, where teams developedátools to connect people with events in their neighborhoods.

Continue reading

Postal Service Defends Pricey Conference as Chance to Boost Revenue

Originally posted by Eric Katzáon Government Executive

The U.S. Postal Service on Wednesday defended its decision to spend more than $2 million on an upcoming conference, saying the event is an opportunity to grow revenue.

USPS is sending 400 employees to the National Postal Forum Conference, an annual event held to educate businesses and mailing industry professionals on the services available to them. The vast majority of USPS attendees participate in the conference for free, as they are deemed to have added value, according to the Postal Service.

Continue reading