From: GAO
This information appears as published in the 2015 High Risk Report.
Federal agencies and our nation’s critical infrastructures—such as energy, transportation systems, communications, and financial services—are dependent on computerized (cyber) information systems and electronic data to carry out operations and to process, maintain, and report essential information.[1] The security of these systems and data is vital to public confidence and the nation’s safety, prosperity, and well-being. Safeguarding federal computer systems and the systems that support critical infrastructures—referred to as cyber critical infrastructure protection—is a continuing concern. The security of our federal cyber assets has been on our list of high-risk areas since 1997. In 2003, we expanded this high-risk area to include the protection of critical cyber infrastructure. This year, we added protecting the privacy of personally identifiable information (PII)—information that is collected, maintained, and shared by both federal and nonfederal entities.
Risks to cyber assets can originate from unintentional and intentional threats. These include insider threats from disaffected or careless employees and business partners, escalating and emerging threats from around the globe, the ease of obtaining and using hacking tools, the steady advance in the sophistication of attack technology, and the emergence of new and more destructive attacks. The ineffective protection of cyber assets can result in the loss or unauthorized disclosure or alteration of information. This could lead to serious consequences and result in substantial harm to individuals and to the federal government.
Regarding PII, advancements in technology, such as new search technology and data analytics software for searching and collecting information, have made it easier for individuals and organizations to correlate data and track it across large and numerous databases. In addition, lower data storage costs have made it less expensive to store vast amounts of data. Also, ubiquitous Internet and cellular connectivity facilitates the tracking of individuals by allowing easy access to information pinpointing their location. These advances—combined with the increasing sophistication of hackers and others with malicious intent, and the extent to which both federal agencies and private companies collect sensitive information about individuals—have increased the risk of PII being exposed and compromised. Furthermore, the number of reported security incidents involving PII at federal agencies has increased significantly in recent years and a number of high-profile breaches of PII have occurred at commercial entities.[2] For these reasons, we added protecting the privacy of PII to this high-risk area.
Leave a Reply