Do agencies need an ‘awakening’ about what their data is worth?

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

The Trump Administration has a governmentwide data strategy in the works, but agencies don’t always understand the value of the information they’re sitting on.

Donna Roy, the executive director of the Homeland Security Department’s Information Sharing and Services Office, said Thursday that agencies need a “big awakening” to realize that data is their biggest asset.

Donna Roy, executive director of the Homeland Security Department’s Information Sharing and Services Office

“I think we need to start valuing our data. The risk of not curating it, the risk of not sharing it all can be monetized, and we can start putting numbers on this and understanding what we hold is much more valuable than our investment in software or investment in cloud migrations,” Roy said at a Broadcom conference on IT modernization in Washington.

She added that the next six months will mean working to understand where the federal leaders are across the government “and see if we can’t infuse some of that thinking into making risk-based modernization plans for better use and better management of data.”

In getting the word out about the President Management Agenda, Federal Chief Information Officer Suzette Kent has said repeatedly agencies need better hygiene to make the most use of their data.

Roy said DHS has been “aggressively” moving to the cloud, and along the way it’s dealt with
“dark data.” She explained it’s a case where one’s person trash is someone else’s treasure.

“It’s predominantly unstructured content that is not leveraged usually after the first time you save it or you put it away.”

In migrating to the cloud, and moving DHS’ emails and shared drives, Roy said the agency didn’t have an elegant way to start culling through years of dark data.

“If you think about it, it presents a significant risk,” she said. “Dark data is becoming the number-one target for most of your cyber threats, because people realize it’s out there and it’s a treasure trove of information.”

With that dark data threat in mind, Roy urged agencies to catch up with where the private sector is on factoring risk management into their modernization plans.

“If you don’t know the value your data hold for your enemies, how do you know how better to protect it? What pieces are you going to protect more? What pieces are sort of moderately interesting and how do you keep it around long enough? When should you keep it? All of that can be described in a value-based or risk-based framework,” she said. “We just don’t do that in the federal government, and I think they do much better in the corporate world because they understand their profits are driven by it, and we just don’t have that drive.”

Roy also outlined DHS’ efforts in verifying more than 240,000 employees when they log onto the agency’s networks. She said what keeps her up at night, though, is verifying the agency’s trusted partners — namely the 60,000 emergency management agencies in the country, and more than 800,000 police officers working in 18,000 police departments.

“I just wanted to know if they are who they are, and they’re like, ‘Well I have a gun and a badge.’ And I’m like, ‘Well, electronically I can’t see that when you’re logging into the computer, so I need some proof of who you are,'” Roy said. “It was a huge cultural shift to answer what we are standardly now doing, which is knowledge-based questions.”

Roy explained how DHS has found ways to verify officer identities without asking so many questions, by switching to biometrics and establishing a “trust score” for incoming calls.

“You can check where the phone call’s coming from or where they’re connecting to their network. If I’m Donna Roy, I’m usually in Washington, D.C. If someone’s using a mobile that looks like Donna Roy is in China, it’s probably not Donna Roy and we can stop those interactions before they even get close to our network.”

Energy eyes automation for security patching

Pamela Isom, the Energy Department’s chief data officer and deputy chief information officer for architecture, said she’s looking at automation to free up the agency’s workforce.

“I get really frustrated when I see a lot of duplication of effort and a lot of redundancy. When I see things that could be automated, but yet I’m spending time or I see my peers or my customers and partners spending time doing things that could be automated,” she said. “We’re a big proponent of automation and are looking at how to automate in order to  streamline and make our processes more effective and more efficient.”

Agencies also face an uphill challenged updating legacy IT systems, but Isom said that’s yet another opportunity where the more agencies can automate, the better off they will be.

“Anytime we have to manually look for the need to put some patches in place, if that process is not automated, we could easily forget that that needs to occur, and there introduces a vulnerability,” Isom said. “So when I’m thinking automation, I’m looking across the board on where are the manual checkpoints and where are places where we can [do] simple little things to make the process more efficient.

Related Stories

Comments