By This e-mail address is being protected from spambots. You need JavaScript enabled to view it ,Chief Information Security Officer, Unisys Federal Systems
 |
Public opinion, a powerful force for change in the United States, may prove instrumental in helping to transform our national approach to cyber security. A recent Unisys Security Index points to both growing fear among U.S. citizens around the security of personal information as well as increased openness to new technologies that can afford greater protection. Both trends can prove helpful to the Obama administration as it tackles our nation's growing cyber security threats.
The Unisys Security Index, a biannual study that provides insights into the attitudes of consumers on a variety of security issues, took the pulse of the nation this fall. Here's what we learned:
- Americans do not trust the government to protect their personal information.
For all the talk about data security regulations and technology deployments to protect personal data, the October 2009 security index suggests the message is not getting across to consumers. Only 22 percent of Americans fully trust government agencies to keep personal information secure and private.
- Americans are embracing biometrics.
Americans are open to biometrics as a tool to protect their identity and keep criminals from stealing their sensitive data, according to the study. For example, 58 percent of respondents said they would be willing to provide biometric data to merchants and financial institutions to verify their identity, and 93 percent of those said they would be interested in using fingerprinting to secure their data.
- Americans are increasingly concerned about the security of their online transactions in a world in which transactions are increasingly conducted online - in both the public and private sectors.
Americans who are seriously concerned about the security of their online transactions rose to 42 percent, the highest level since the Unisys Security Index began two years ago.
The need for the government to protect the private data citizens entrusted to it and to protect itself from fraud through strong identity management solutions has never been more profound. The risks have been highlighted through a number of incidents in recent months in which private data was put at risk. For example, the Internal Revenue Service recorded more than 51,000 cases of apparent taxpayer identity theft and paid out $15 million in fraudulent tax refund claims in 2008.
At the same time, the public appears to have a new openness to technology - such as biometrics - to address their concerns, providing a welcome environment for the introduction of new solutions and policies. For instance, the adoption of interoperable identity management systems and an investment in shared infrastructure would hasten the widespread use of biometrics, allowing agencies to take advantage of a technology that's available today along with the public's growing acceptance of this proven security tool.
The Federal government must begin to lay out a clear strategic direction for national cyber security. The appointment of a National Cyber Security Coordinator will be a critical step forward on the road to progress toward addressing the concerns highlighted in the security index.
In today's data on demand environment, we can expect that the government will soon be called upon to prove they are protecting citizen data, ranging from personal finance to healthcare information. While the new administration calls for greater transparency across government agencies, it must also enforce polices that limit the transparency of private data - enabling citizens to know who is accessing their information and why. The real discussion point will be how the government proves that private data is only being used as directed by citizens.
As we move forward, the need for standards is paramount, and the National Institute of Standards and Technology (NIST) standards provide a solid security foundation. While the Federal government is driven toward the NIST standards through the Federal Information Security Management Act, the ability to implement and continuously monitor their infrastructure seems to be somewhat elusive. Compliance documents are often created for a check the box procedure - rather than actually getting to the root problem, which is data protection and predictive risk analysis. The ability to identify where data is going, what device is processing it and then determine the appropriate strategy to ensure its security is still a serious problem which could potentially leave citizen data vulnerable.
Identifying who is accessing data poses a significant problem within Federal agencies. Government network systems and applications were designed at a time when technology for data protection was still in its infancy. In order to enable collaborative data sharing security, technology solutions were bolted on to attain a higher level of security. We can expect to see a continued push for massive reform to identity and access management capabilities, which are central to the protection of data and the prevention of data leaks and losses. If agencies can control who is accessing the data, they will have solved one of the major security issues confronting the government.
As the public becomes more actively engaged in privacy discussions, government agencies must become more intuitive about the potential vulnerabilities that can impact their organizations - which will, ultimately, help them to address long-standing and emerging security issues, and ensure the safety of American citizens.
Patricia Titus is the Chief Information Security Officer for Unisys Federal Systems. Prior to joining Unisys she served as the Chief Information Security Officer at the Transportation Security Administration.
Subscribe to this comment's feed
| < Prev | Next > |
|---|
Company