Let’s give credit where credit is due

January 9, 2009
There's a lot of bad news circulating these days around cyberthreats - and I'll spare you the somber recount, especially on a Friday.

So, instead, let's focus on where some noticeable improvements have been made.

This week, the Identity Theft Resource Center put out its 2008 breach report, which showed that data-loss incidents soared by 47 percent last year.

I know what you're thinking: I was supposed to give you some good news. Well, here it is. The government/military sector suffered 110 breaches -- categorized as either insider theft, hacking, data in motion, accidental exposure or subcontractor related. That comprised 16.8 percent of the total.

In 2007, this vertical was responsible for 24.6 percent of all breaches. A year prior, it was 30 percent.

All told, the percentage of breaches that the government/military sector suffered in 2008 was down 44 percent from 2006.

If you recall, 2006 was a particularly embarrassing year for government agencies and military branches. It seemed as if every week, I was writing about another lost laptop or exposed sensitive data. Of course, everything paled in comparison to the monster laptop breach that affected the Department of Veterans Affairs.

But once the hurricane went out to sea, the picture turned rosier. The federal Office of Management and Budget (OMB) was a big reason for the turnaround.

In a June 2006 memo, OMB ordered agencies to encrypt all sensitive data, in addition to requiring the implementation of two-factor authentication for remote users. Also, agencies must use the National Institute of Standards and Technology (NIST) security checklist as a baseline for their security practices.

In 2007, OMB issued a 22-page memo that directed federal agencies to, among other things, create a breach notification plan for the timely reporting and notification of data-loss incidents.

Feds also have been told to eliminate the unnecessary use of Social Security numbers.

And just a few months ago, the military announced it is banning the use of USB thumb drives.

This is not to mention the countless security education programs that surely took effect across government and military, amid the rash of data breaches.

So let's give credit where credit is due. And let's hope it keeps up. After all, there is no greater custodian of citizen data than the federal government.

 