In order to manage and defend against an increasinglysophisticated threat environment, awareness and collaboration arecrucial for government agencies to secure their online data.
That was the message from industry experts at the Info SecurityCanada conference held recently at the Metro Toronto ConventionCentre.
One of those experts is Patrick Gray, senior securitystrategist, advanced technologies for Cisco Systems Inc.
Gray has a lot of experience in the area of protecting secureinformation; he worked for the FBI as a specialagent for 20 years, serving in Baltimore, Maryland and Washington,D.C.
“My take on this is: I’m someone who lived in thecompartmentalization of data for 20 years working with the FBIwhere we would not share data when working with other federalagencies,” he said.
“We tended to build Chinese walls around our information forfear that it would get out, even to another federal agency thatwould impinge upon our turf and the result of those turf battles wesaw manifested in the events of 9/11.”
He added that at that time several different agencies weren’ttalking to each other and didn’t know what was going on.
“Had we been talking to each other, perhaps we could havestopped something, perhaps not, but the collaboration today is anabsolutely huge issue,” Gray said. “With respect to IT, the U.S.has the information sharing analysis center (ISAC), where there’svirtually a centre for every commercial market includinggovernment.
“We’re pushing out information about technology, threats, whatbad people are doing every day,” he said.
There’s a huge push towards collaboration simply because of whathappens when governments collaborate, according to Gray. As aresult States can pass critical information along to the local cityand State agencies.
The general accounting office (GAO) oversees all governmentagencies and conducts an annual survey on the IT presence in thoseagencies.
“They continually get very poor grades which were solidifiedthis year by the Department of Veterans Affairs giving out 26.5million ID’s to the hackers,” he said. “We’ve not been very good atprotecting our data and that’s one of the things that the U.S.government has to come to grips with, they’re a huge target,probably the largest target in the world.”
In that particular case, 26.5 million U.S. military veterans hadtheir personal data stolen after a Department of Veteran Affairsdata analyst took the data home on a laptop and his house wasburglarized.
Mary Kirwan, CEO of Toronto-based Headfry Inc., said thatincident may help increase the likelihood of new security laws inthe U.S.
“The consistent loss of laptops…every government department inthe U.S. seems to have lost data recently,” she said. “The EnergyDepartment got an F grade from the accountability bodies; many ofthe U.S government agencies get abysmal ratings.”
If you’re looking to the government to lead, they may lead inregulation, but they’re not leading because their own securitypractices in many places are abysmal, according to Kirwan.
Canadian fed Privacy Commissioner Jennifer Stoddard weighed inon the issue in her keynote address to attendees, and said thatit’s not just a matter of national collaboration but also the needfor tracking information that is shared with our neighbors to theSouth.
“Far too much of our personal information is shared across theborder, verbally without any traces, without any logging andtherefore the Canadian Border Services agency is globally unable totell where Canadian’s personal information is going,” she said.
And although the U.S. may be receiving poor marks in protectingdata, Gray said he works with a lot of Canadian agencies and theyare collaborating and aware of potential threats.
“I was just out in Victoria (B.C.), with the CIO for theRCMP…he understands the criticality of dealing with these typesof issues with other government agencies,” he said. “The RCMP isdealing with other government agencies on a daily basis throughout(Canada) to share this kind of information.”