Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: ID Theft

GAO Report – Recent Data Breaches Illustrate Need for Strong Controls across Federal Agencies

Cybersecurity: Recent Data Breaches Illustrate Need for Strong Controls across Federal Agencies, GAO-15-725T: Published: Jun 24, 2015. Publicly Released: Jun 24, 2015

“GAO has identified a number of challenges federal agencies face in addressing threats to their cybersecurity, including the following:

  • Designing and implementing a risk-based cybersecurity program.
  • Enhancing oversight of contractors providing IT services.
  • Improving security incident response activities.
  • Responding to breaches of personal information.
  • Implementing cybersecurity programs at small agencies.

Until federal agencies take actions to address these challenges—including implementing the hundreds of recommendations GAO and agency inspectors general have made—federal systems and information, including sensitive personal information, will be at an increased risk of compromise from cyber-based attacks and other threats. In an effort to bolster cybersecurity across the federal government, several government-wide initiatives, spearheaded by the Department of Homeland Security (DHS) and the Office of Management and Budget (OMB), are under way. These include the following:

  • Personal Identity Verification: In 2004, the President directed the establishment of a government-wide standard for secure and reliable forms of ID for federal employees and contractor personnel who access government facilities and systems. Subsequently, OMB directed agencies to issue personal identity verification credentials to control access to federal facilities and systems. OMB recently reported that only 41 percent of user accounts at 23 civilian agencies had required these credentials for accessing agency systems.
  • Continuous Diagnostics and Mitigation: DHS, in collaboration with the General Services Administration, has established a government-wide contract for agencies to purchase tools that are intended to identify cybersecurity risks on an ongoing basis. These tools can support agencies’ efforts to monitor their networks for security vulnerabilities and generate prioritized alerts to enable agency staff to mitigate the most critical weaknesses. The Department of State adopted a continuous monitoring program, and in 2011 GAO reported on the benefits of the program and challenges the department faced in implementing its approach.
  • National Cybersecurity Protection System (NCPS): This system, also referred to as EINSTEIN, is to include capabilities for monitoring network traffic and detecting and preventing intrusions, among other things. GAO has ongoing work reviewing the implementation of NCPS, and preliminary observations indicate that implementation of the intrusion detection and prevention capabilities may be limited and DHS appears to have not fully defined requirements for future capabilities.

While these initiatives are intended to improve security, no single technology or tool is sufficient to protect against all cyber threats. Rather, agencies need to employ a multi-layered, “defense in depth” approach to security that includes well-trained personnel, effective and consistently applied processes, and appropriate technologies.”

State-by-State Listing of Data Loss and Freedom of Information Legislation

DataLossDB – Open Security Foundation: “In order to request data breach notification reports from governments, several criteria need to exist. The state must have Freedom of Information or Open Records legislation. The state must have Breach Notification legislation, and the state must require notifications to a centralized authority (like an Attorney General, or a Consumer…

New Study – Americans Losing Battle on Privacy Rights

The Tradeoff Fallacy – How Marketers Are Misrepresenting American Consumers and Opening Them Up to Exploitation – Joseph Turow, Ph.D.; Michael Hennessy, Ph.D.; Nora Draper, Ph.D. June 2015. A Report from the Annenberg School for Communication, University of Pennsylvania. “New Annenberg survey results indicate that marketers are misrepresenting a large majority of Americans by claiming that…

FTC – OPM data breach – what should you do?

Lisa Weintraub Schifferle – Attorney, FTC Division of Consumer and Business Education – “A data breach at the Office of Personnel Management (OPM) – and you’re a current or former federal employee whose personal information may have been exposed. What should you do? Take a deep breath. Here are the steps to take. First Step…

New One-Stop Resource for Identity Theft Victims

“News about data breaches at banks, stores, and agencies is an everyday occurrence now. But if your private information has been compromised, it doesn’t feel commonplace to you. The sooner you find out, and begin damage control, the better off you’ll be. IdentityTheft.gov, a new website, offers step-by-step checklists of what to do right away,…

Wham, Bam, Thank You Spam! Don’t Click on the Link!

Harvard Law School Forum on Corporate Governance and Financial Regulation – Posted by Paul A. Ferrillo, Weil, Gotshal & Manges LLP, May 17, 2015. “It seems that just like in old times (in cyberspace that means last year) the existence of “snake-oil” salesmen on the Internet is getting worse, not better. Rather than selling something…

FTC – Recovering from identity theft is easier with a plan

“IdentityTheft.gov is the federal government’s one-stop resource for identity theft victims. The site provides streamlined checklists and sample letters to guide you through the recovery process.” What To Do Right Away; What To Do Next; Other Steps; Know Your Rights; Sample Letters; Warning signs of identity theft; What to do if your info is lost…

What Is the Internet of Things?

What Is the Internet of Things?, Mike Loukides and Jon Bruner, O’Reilly Media: “The Internet of Things (IoT) is a blending of software and hardware, introducing intelligence and connectedness to objects and adding physical endpoints to software. Radical changes in the hardware development process have made the IoT—and its vast possibility—accessible to anyone. This report provides…

5 ways to keep your data safe right now

Christopher Soghoian is a TED Fellow, and the principal technologist at the American Civil Liberties Union, where he monitors the intersection of federal surveillance and citizen’s rights. Before joining the ACLU, he was the first-ever technologist for the Federal Trade Commission’s Division of Privacy and Identity Protection, where he worked on investigations of Facebook, Twitter,…

Cisco 2015 Annual Security Report

New Threat Intelligence and Trend Analysis – “Despite advances by the security industry, criminals continue to evolve their approaches to break through security defenses. Attackers are realizing that bigger and bolder is not always better. The Cisco 2015 Annual Security Report reveals shifts in attack techniques, emerging vulnerabilities, and the state of enterprise security preparedness.…

Worldwide Threat Assessment of the US Intelligence Community – 2015

Statement for the Record Worldwide Threat Assessment of the US Intelligence Community, Senate Armed Services Committee, James R. Clapper, Director of National Intelligence February 26, 2015. Cyber Strategic Assessment – “Cyber threats to US national and economic security are increasing in frequency, scale, sophistication, and severity of impact. The ranges of cyber threat actors, methods…

Annual Report to Congress: Federal Information Security Management Act

Annual Report to Congress, February 27, 2015: “As cyber threats continue to evolve, the Federal Government is embarking on a number of initiatives to protect Federal information and assets and improve the resilience of Federal networks. OMB, in coordination with its partners at the National Security Council (NSC), the Department of Homeland Security (DHS), and…