Since 2014, over 440 breaches of government data in the U.S. have exposed nearly 169 million records, according to a study from technology research website Comparitech.
That figure doesn’t even touch on data breaches that remain undiscovered, nor on other security issues that can impact government records. Meanwhile, even as the slow but sure transition to an all-digital record-keeping environment in the federal government generates important benefits, it also creates new security challenges. What do agencies need to know about keeping electronic records secure?
Multi-level security is needed.
Hacks and data breaches may be the first security issue most people think about, and they do represent risks that require robust protections that range from firewalls to data encryption. However, government electronic records face more potential risks than just unauthorized access and theft:
- Physical security: data centers must be protected against fire, flooding, and other physical damage.
- Power loss/equipment failure: backup systems and fail over plans are needed should a server go down.
- Tampering: role-based access controls can prevent bad actors from altering electronic records.
- Ransomware: the past year has seen a surge in bad actors holding government data hostage for ransom.
FEDRAMP-compliant services are key to protecting electronic records.
Risks like those described above are why federal agencies are required to store records in secure FEDRAMP-compliant data centers. FEDRAMP establishes security controls based on NIST SP 800-53 standards. Note that security must be enforced everywhere the electronic records go – from the point of creation at the agency, to the servers where they are stored long-term, to the individual devices where users may access them for daily use.
Access to cybersecurity expertise is critical.
The U.S. Government Accountability Office (GAO) states it plainly: “The federal government needs a qualified, well-trained cybersecurity workforce to protect vital IT systems. Not having enough of these workers is one reason why securing federal systems is on our High-Risk list.”
Indeed, access to experts is foundational to any cybersecurity program. However, the federal government must contend with the same shortage of skilled cybersecurity professionals that is plaguing private industry. Market analysis firm Cyberseek says that over 30% of active cybersecurity jobs are unfilled – a situation that is expected to worsen through at least 2022.
This staffing shortage puts federal agencies at a serious disadvantage in securing electronic records and makes it paramount that any associated vendors possess the necessary skills and knowledge to protect their records. Access to experienced, up-to-date experts is critical to maintaining security and responding effectively in the event of a breach or other incident.
About PSL
PSL is a global outsource provider whose mission is to provide solutions that facilitate the movement of business-critical information between and among government agencies, business enterprises, and their partners. For more information, please visit https://www.penielsolutions.com or email info@penielsolutions.com.