Sensitive personal data is never completely safe

Photo by Perspecsys is licensed under CC BY 2.0

Photo by Perspecsys is licensed under CC BY 2.0

In 2012, an international hacker found his way into state computers at the South Carolina Department of Revenue. The hacker gained access to 3.8 million tax returns that included sensitive, private information. At the time, it was called the largest cyber-attack ever initiated against a state.

The worst part of it all was facing residents of South Carolina who were victimized because the state had failed to protect sensitive personal information. That was three years ago. If nothing else, that major data breach made government officials more aware of how rampant the cybercrimes problem has become. Today, the list of government entities that have become victims of cybercrimes is growing – the Internal Revenue Service, the Oregon Department of Administrative Services, the Veteran’s Administration, the Alabama State Legislature, the White House, the Utah Department of Health…the list goes on.

Two days ago, the Internal Revenue Service said it believes the recent cyber-attack that allowed the stealing of tax returns of more than 100,000 people originated from Russia. The cybercriminals used personal data stolen from the agency to file $50 million in fraudulent tax returns. This type of incident has caused government agencies to aggressively seek ways to attack the problem. Local, state and federal government officials are more proactive than ever in their investigation of illegal cyber activity.

Texas, along with many other states, appointed a Chief Information Security Officer (CISO). The duties of this individual who is located at the Texas Department of Information Resources (DIR) include overseeing management of statewide security programs and coordinating public-sector cybersecurity efforts.

To provide education for security officials in the state, the Texas InfoSec Academy was created by DIR in 2014. The Academy trains state CISOs and Information Security Officers. The curriculum taught is based on courses developed by the U.S. Department of Homeland Security. Security officers are offered six career tracks – among them penetration testing, hacking, disaster recovery and incident handling. As of the end of April, there were 175 people enrolled in the Academy.

In February, President Barack Obama issued an Executive Order that directed the Department of Homeland Security to encourage the creation of Information Sharing and Analysis Organizations (ISAOs) throughout the country. Virginia followed that directive and established the nation’s first ISAO. It marked one more step the Commonwealth is taking to secure state-held information.

Just last week, New Jersey officials announced the creation of the New Jersey Cybersecurity and Communications Integration Cell. The office is intended to help the state defend against cyberattacks and against hackers. It will analyze cyber threats and share information with citizens, private-sector firms and the federal government.

The state of California has also launched a multi-stakeholder cybersecurity task force to secure cyber infrastructure. The state established a Privacy Enforcement and Protection Unit at the state Department of Justice, and the goal is to enforce privacy policies and a state law regarding security breach notification. Experts estimate that cybercrime could cost the world up to $575 billion per year. And, that is a conservative estimate, as many such attacks go undetected or unreported.

For the most part, most cybercrimes are not the work of amateur hackers. The perpetrators are highly sophisticated professionals – criminals. It is a frightening realization and no government entity is immune to cybercrime.

For the latest government news and trends, continue to follow our SPI Insights.