Government Security of Information Still Needs Work


By: Jim Kouri, CPP

Many federal operations are supported by automated systems that may contain sensitive information such as national security information that, if lost or stolen, could be disclosed for improper purposes.

Compromises of sensitive information at numerous federal agencies have raised concerns about the extent to which such information is vulnerable. The use of technological controls such as encryption–the process of changing plaintext into ciphertext–can help guard against the unauthorized disclosure of sensitive information.

Commercially available encryption technologies can help federal agencies protect sensitive information that is stored on mobile computers and devices (such as laptop computers, handheld devices such as personal digital assistants, and portable media such as flash drives and CD-ROMs) as well as information that is transmitted over wired or wireless networks by reducing the risks of its unauthorized disclosure and modification.

For example, information stored in individual files, folders, or entire hard drives can be encrypted. Encryption technologies can also be used to establish secure communication paths for protecting data transmitted over networks. While many products to encrypt data exist, implementing them incorrectly——such as failing to properly configure the product, secure encryption keys, or train users——can result in a false sense of security and render data permanently inaccessible.

Key laws frame practices for information protection, while federal policies and guidance address the use of encryption. The Federal Information Security Management Act of 2002 mandates that agencies implement information security programs to protect agency information and systems.

In addition, other laws provide guidance and direction for protecting specific types of information, including agency-specific information. For example, the Privacy Act of 1974 requires that agencies adequately protect personal information, and the Health Insurance Portability and Accountability Act of 1996 requires additional protections for sensitive health care information.

The Office of Management and Budget has issued policy requiring federal agencies to encrypt all data on mobile computers and devices that carry agency data and use products that have been approved by the National Institute for Standards and Technology (NIST) cryptographic validation program.

Further, NIST guidance recommends that agencies adequately plan for the selection, installation, configuration, and management of encryption technologies. The extent to which 24 major federal agencies reported that they have implemented encryption and developed plans to implement encryption of sensitive information varied across agencies. From July through September 2007, the major agencies collectively reported that they had not yet installed encryption technology to protect sensitive information on about 70 percent of their laptop computers and handheld devices.

Additionally, agencies reported uncertainty regarding the applicability of OMB’s encryption requirements for mobile devices, specifically portable media. While all agencies have initiated efforts to deploy encryption technologies, none had documented comprehensive plans to guide encryption implementation activities such as installing and configuring appropriate technologies in accordance with federal guidelines, developing and documenting policies and procedures for managing encryption technologies, and training users.

As a result federal information may remain at increased risk of unauthorized disclosure, loss, and modification.



Jim Kouri, CPP is currently fifth vice-president of the National Association of Chiefs of Police and he’s a staff writer for the New Media Alliance (thenma.org). In addition, he’s the new editor for the House Conservatives Fund’s weblog. Kouri also serves as political advisor for Emmy and Golden Globe winning actor Michael Moriarty.

He’s former chief at a New York City housing project in Washington Heights nicknamed “Crack City” by reporters covering the drug war in the 1980s. In addition, he served as director of public safety at a New Jersey university and director of security for several major organizations. He’s also served on the National Drug Task Force and trained police and security officers throughout the country. Kouri writes for many police and security magazines including Chief of Police, Police Times, The Narc Officer and others. He’s a news writer for TheConservativeVoice.Com and PHXnews.com. He’s also a columnist for AmericanDaily.Com, MensNewsDaily.Com, MichNews.Com, and he’s syndicated by AXcessNews.Com. He’s appeared as on-air commentator for over 100 TV and radio news and talk shows including Oprah, McLaughlin Report, CNN Headline News, MTV, Fox News, etc. His book Assume The Position is available at Amazon.Com. Kouri’s own website is located at http://jimkouri.us

About The Author Jim Kouri, CPP:
Jim Kouri, CPP is currently fifth vice-president of the National Association of Chiefs of Police and he's a columnist for The Examiner (examiner.com) and New Media Alliance (thenma.org). In addition, he's a blogger for the Cheyenne, Wyoming Fox News Radio affiliate KGAB (www.kgab.com). Kouri also serves as political advisor for Emmy and Golden Globe winning actor Michael Moriarty. He's former chief at a New York City housing project in Washington Heights nicknamed "Crack City" by reporters covering the drug war in the 1980s. In addition, he served as director of public safety at a New Jersey university and director of security for several major organizations. He's also served on the National Drug Task Force and trained police and security officers throughout the country. Kouri writes for many police and security magazines including Chief of Police, Police Times, The Narc Officer and others. He's a news writer and columnist for AmericanDaily.Com, MensNewsDaily.Com, MichNews.Com, and he's syndicated by AXcessNews.Com. Kouri appears regularly as on-air commentator for over 100 TV and radio news and talk shows including Fox News Channel, Oprah, McLaughlin Report, CNN Headline News, MTV, etc. To subscribe to Kouri's newsletter write to COPmagazine@aol.com and write "Subscription" on the subject line.
Website:http://jimkouri.us

No Comments

No comments yet.

RSS feed for comments on this post. TrackBack URI

Sorry, the comment form is closed at this time.