In order to manage and defend against an increasingly
sophisticated threat environment, awareness and collaboration are
crucial for government agencies to secure their online data.
That was the message from industry experts at the Info Security
Canada conference held recently at the Metro Toronto Convention
Centre.
One of those experts is Patrick Gray, senior security
strategist, advanced technologies for Cisco Systems Inc.
Gray has a lot of experience in the area of protecting secure
information; he worked for the FBI as a special
agent for 20 years, serving in Baltimore, Maryland and Washington,
D.C.
"My take on this is: I'm someone who lived in the
compartmentalization of data for 20 years working with the FBI
where we would not share data when working with other federal
agencies," he said.
"We tended to build Chinese walls around our information for
fear that it would get out, even to another federal agency that
would impinge upon our turf and the result of those turf battles we
saw manifested in the events of 9/11."
He added that at that time several different agencies weren't
talking to each other and didn't know what was going on.
"Had we been talking to each other, perhaps we could have
stopped something, perhaps not, but the collaboration today is an
absolutely huge issue," Gray said. "With respect to IT, the U.S.
has the information sharing analysis center (ISAC), where there's
virtually a centre for every commercial market including
government.
"We're pushing out information about technology, threats, what
bad people are doing every day," he said.
There's a huge push towards collaboration simply because of what
happens when governments collaborate, according to Gray. As a
result States can pass critical information along to the local city
and State agencies.
The general accounting office (GAO) oversees all government
agencies and conducts an annual survey on the IT presence in those
agencies.
"They continually get very poor grades which were solidified
this year by the Department of Veterans Affairs giving out 26.5
million ID's to the hackers," he said. "We've not been very good at
protecting our data and that's one of the things that the U.S.
government has to come to grips with, they're a huge target,
probably the largest target in the world."
In that particular case, 26.5 million U.S. military veterans had
their personal data stolen after a Department of Veteran Affairs
data analyst took the data home on a laptop and his house was
burglarized.
Mary Kirwan, CEO of Toronto-based Headfry Inc., said that
incident may help increase the likelihood of new security laws in
the U.S.
"The consistent loss of laptops...every government department in
the U.S. seems to have lost data recently," she said. "The Energy
Department got an F grade from the accountability bodies; many of
the U.S government agencies get abysmal ratings."
If you're looking to the government to lead, they may lead in
regulation, but they're not leading because their own security
practices in many places are abysmal, according to Kirwan.
Canadian fed Privacy Commissioner Jennifer Stoddard weighed in
on the issue in her keynote address to attendees, and said that
it's not just a matter of national collaboration but also the need
for tracking information that is shared with our neighbors to the
South.
"Far too much of our personal information is shared across the
border, verbally without any traces, without any logging and
therefore the Canadian Border Services agency is globally unable to
tell where Canadian's personal information is going," she said.
And although the U.S. may be receiving poor marks in protecting
data, Gray said he works with a lot of Canadian agencies and they
are collaborating and aware of potential threats.
"I was just out in Victoria (B.C.), with the CIO for the
RCMP...he understands the criticality of dealing with these types
of issues with other government agencies," he said. "The RCMP is
dealing with other government agencies on a daily basis throughout
(Canada) to share this kind of information."
icon.
