Over the last week, I have seen an increase in op-ed articles asking what can be done to curtail or eliminate the security breaches that continue to plague US government agencies. Here is a prominent one at issue:
Our view on information security: Can’t anyone in Washington keep private data private?
Before a problem can be truly solved, the environment in which it takes root must first be understood, or the problem will simply return later in another form. Once that environment is understood, rational solutions begin to emerge with simple clarity. Here are five contributing factors that sustain the current environment for future security breaches:
First and foremost, information security starts with securing the entire process of gathering, organizing, storing and deleting the information itself. The current infrastructure of the federal government is geared towards securing the computer systems first and then adapting those systems to protect the information. This approach has been shown not to work in a security infrastructure for quite some time.
Second, computers have a long history of being used to increase efficiency in business processes. Security has not been made THE priority in government business processes, and computer personnel reflect this orientation in both training and organizational conditioning. Overcoming this bias in priority requires a shift in governance culture.
Third, an intrusive government that requires individuals and organizations alike to forward their records to government agencies has historically wanted more information than is truly required for its oversight. In theory, this makes it easier for the administrators to do their job. The problem is that securing the information that has been gathered is also their job. This conflict of interest has subordinated securing the data to making their job easier, when the amount of information collected should have been reduced instead. If information is not collected, it cannot be stolen from the gatherer.
Fourth, when a theft or breach of information occurs, only a few people may be terminated. What follows are fines, credit services and legal payouts that do not inconvenience anyone directly except the injured and the taxpayers themselves. So where is the penalty that would push the government to protect the information?
Fifth, until people demand that one through four are dealt with responsibly and promptly, government will continue to go about its business as usual.
Until the above factors are addressed collectively, the environment will continue to place people's and organizations' information at risk. We will continue to see breaches regardless of promises, resources and effort spent, and everyone will be on the receiving end of our lack of action. There are solutions to these problems, but we must be willing to do more than complain about how we are being inconvenienced. Real action requires real action.
Welcome to the digital future, today.