3 minute read
What the EO Means for Data
Cybersecurity and Information Details
Agencies must walk a delicate tightrope when handling data. On the one hand, data contains sensitive information like health care details that constituents expect agencies to keep private. On the other hand, securing this data cannot be so complicated that it slows down government employees.
Advertisement
The reality is that cybercriminals make balancing both concerns hard for agencies. Data attracts cybercriminals, as they can often profit off personally identifiable information (PII) such as Social Security numbers quickly and easily. Nation-states are even more concerning: The data hostile governments steal can hurt U.S. national security.
The federal government hopes to soothe these fears by mixing modern tools with fresh perspectives on handling data. Implemented correctly, Biden’s cybersecurity EO can assist agencies with guarding one of their most precious resources.
Agencies should make accessing their data as hard as possible, and encryption helps them do exactly that. Encryption translates data into another form that can be unlocked only with a decryption key such as a password. Because encrypted data can be deciphered only with the right tools, only the correct people can typically access this information.
Biden’s cybersecurity EO mandates that all federal agencies embrace encryption for their resting and in-transit data. In the past, unencrypted data facilitated many cyberattacks, so this rule could erase this option for cybercriminals. With the federal government leading by example, scores of state and local agencies may also adopt encryption soon, if they have not already.
2. How will government employees need to handle data differently?
Much like encryption, multifactor authentication (MFA) can make a difference with data security. MFA grants users access to resources such as data only after they have presented two or more pieces of evidence verifying their identities. These identity factors include something only the individual has (a key), something only the individual knows (their address) or something unique to the individual (their fingerprint). The EO stipulates that all federal agencies must deploy MFA. From the top down, this cybersecurity tool can assist agencies with preventing unauthorized access to their data and other assets.
Biden’s EO demands that federal civilian executive branch (FCEB) agencies understand their high-value data assets. Rather than treat all their data the same, the EO tasks these agencies with evaluating which types of unclassified data they have and how sensitive each type is.
These evaluations will help FCEB agencies identify which unclassified data types are the most sensitive, and which varieties are under
the greatest threat from cybercriminals. More importantly, these analyses will decide the most appropriate processing and storage solutions for each FCEB agency’s information.
Although the EO’s details about unclassified data apply only to FCEB agencies, this data security philosophy can benefit any agency.
4. How can the EO assist state and local agencies with data security?
The best federal data security practices can also pay off for state and local agencies. Although the latest cybersecurity EO does not require state and local governments to implement its data security policies, these that do will benefit. Look at encryption. Encryption is a simple step any agency can take to make its data harder for cybercriminals to exploit. MFA, meanwhile, can put guardrails between sensitive information and the people who are not supposed to interact with it. Additionally, determining how sensitive their data is — and what risks it faces — can make cybersecurity easier for any government.