Some of the most significant recommendations made by government investigators and auditors in recent years have been focused on technology. Recently, the US Treasury’s Inspector General found that nearly two-thirds of its technology hardware was beyond its “useful lifespan.” Several months ago, the OIG of the Veterans Affairs office found that VA data is not kept in a system that can guarantee its confidentiality or availability – a finding they’ve made every year for 17 years in a row.
Security threats posed by poorly configured or maintained technology are a wise place for government investigators to focus. Symantec’s most recent Internet Security Threat Report details 10 of the most notable targeted technology attacks since 2000. Of those ten, six targeted multiple government agencies, another focused on embassies, and an eighth targeted military and educational institutions. This isn’t surprising, given that the most sophisticated technology exploits are either funded by or perpetrated by government agencies. These attacks are expensive to engineer, so the financiers want to make sure they get the most value possible from them, which is generally either intelligence or data they can weaponize.
Unfortunately for investigative agencies, their own data is among the easiest to weaponize if it falls into the wrong hands. When repurposed as a weapon, investigative data can be used to tremendous effect. Leaking or threatening to leak data before a case is closed can be used to cast doubt on a target of investigation, to alert them to the investigation, or to blackmail them into taking actions that aren’t in the interest of the United States. Selectively leaking data on cases that were closed without any suspected wrongdoing can cast doubt on the government itself, by making it look as if instances of wrongdoing were buried or downplayed.
This leads to an important question: is your agency doing all it can to prevent its own data from being hacked? Some ways to safeguard data are highly technical, best left to technology experts who can ensure that all purchases meet the requirements necessary for the safety of your data. That doesn’t mean that investigative executives shouldn’t be thinking about some of the most serious challenges to data security – especially these three threats, which are every bit as much HR and procurement problems as they are technology problems.