Data Security

State Department joins the government’s data-crunching craze

A sign identifies the State Department.

The State Department wants to spend the next three years transforming its IT infrastructure, diplomats and staff to better harness big data, something it acknowledges will also require a sharper focus on data security practices.

The department laid out its vision in its first-ever enterprise data strategy released Monday, arguing that the U.S. and other countries are racing to respond to three global trends: advanced data analysis capabilities developed in the private sector over the past decade, ambitious technological agendas for rivals like China and Russia, and a fast-changing international landscape.

Combined, these developments have made “comprehensive, timely, and accurate data and intuitive analysis” essential to diplomacy and the broader mission of the State Department.

“We have the most advanced diplomatic corps in the world, and it is imperative that we match the excellence of our global workforce with excellence in our data-driven insights,” the strategy says. “Advanced analysis must act in support of diplomacy, putting evidence-based insights at our professionals' fingertips to help them achieve their mission.”

While officials in government dream big on the potential of policymaking in a hyper charged, data-driven world, there are also important questions around how the department will go about collecting, storing and protecting this influx of information in an increasingly hostile digital space. The strategy promises that data security based on “industry leading security practices at each classification level” will be one of the five principles guiding the effort.

It goes beyond protecting a network perimeter or high value systems and assets: the State Department has embassies and consulates in 191 countries, and may have the most geographically spread out IT network in the federal government. While this gives the department “unique data from day-to-day diplomatic, assistance, and security activities” that can be harnessed to inform operations or shared with allies and partners, it also means it must “develop its own strong and secure data capabilities and cultivate a data-fluent workforce” to manage and protect this new informational treasure trove.

For instance, one of the objectives is to open up communication channels within different agencies and branches to share institutional data and incentivize collaboration between data analysts at State and the broader workforce. To do this the department will need to create and scale secure online forums to facilitate those discussions.

It will lean more into leveraging tools and infrastructure, including software, machine learning and cloud platforms, that could either introduce new vulnerabilities or create storage questions that could impact the likelihood of a future data breach.

The department also plans to establish “simple, streamlined, and secure access” to internal and external datasets for users stationed across the world and expresses a desire to move away from a longstanding “federated” approach to data management that has made it harder for bureaus, officers and posts to access or even be aware of important informational resources at their disposal.

Not surprisingly, the department anticipates that a shift towards greater access, interoperability and sharing would also put classified and sensitive data at greater risk and necessitate a new platform to share it.

“Recognizing the need for an enhanced cybersecurity posture and requirement to ensure security of classified and sensitive data — such as Personally Identifiable Information (PII) — the Department will develop a secure common platform for select datasets with integrated records management, transparent data lineage, and clearly identifiable systems of record to maintain the integrity of shared data,” the strategy notes.

In this regard, the department will have to significantly up its game. A Senate report looking at data security practices eight departments gave State a "D" grade, finding among other things that more than a quarter of its IT systems lacked valid authorizations, it relied of unsupported or obsolete software systems that were flagged in vulnerability scans and tests of ten systems found 450 critical risk and 736 high risk vulnerabilities that had not been patched.

The vision, goals and objectives laid out by the State Department mimic other parts of the government, including the intelligence community and the Department of Defense, that have expressed a similar need to master data in order to master the world. All three departments regularly traffic in some of the most sensitive and secret discussions and operations in the world, and all three must balance their desire to open up the spigot of information with the security trade-offs and considerations that come with it.

Like State officials, leaders at the Office of the Director of National Intelligence view large-scale transformation and restructuring towards big data analysis and decision-making as more than a way to produce more agency reports or slap a veneer of data science over the usual bureaucratic process. It was — and is — viewed as an imperative to survive and thrive in a modern spy world where technology and data correlation have rendered decades of well-worn tradecraft obsolete or ineffective.

The ability to hoard and harness vast amounts of information and incorporate it into your analysis is viewed by many policymakers as an important part of staying ahead of China, Russia and other geopolitical rivals who are pursuing similar strategies. In 2019, ODNI Assistant Director of National Intelligence Nancy Morgan said the goal of their data strategy was about putting the right data in the hands of the right people quickly, but also securely.

The Department of Defense, likewise, is sitting on a massive hoard of unique, non-public data and not enough analysts or tools to make use of it. Then-CIO Essye Miller said in 2017 that it’s “just a natural inclination that we feel we have to keep everything, which drives the need for security.” George Washington University estimated that 99% of DoD’s proprietary, non-public data was withering on the vine, a previously untapped resource that could give the Pentagon a leg up on others when it comes to battlefield analysis training its artificial intelligence systems.

Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.