At a glance.
- US FTC tracks COVID-19 fraud complaints.
- Zoom is out at Defense, ICE.
- Balancing privacy and public health.
- GAO finds Defense cyber hygiene a work in (slow) progress.
US Federal Trade Commission tracks COVID-19-related complaints.
Between January 1st and April 13th of this year, the FTC reports that it's received 17,425 complaints from consumers about matters related to the COVID-19 pandemic. The total losses to fraud over that period amount to $13.13 million, with the median loss coming in at $568. The top fraud reports are:
- Travel/Vacations
- Online Shopping
- Mobile: Text Messages
- Internet Information Services
- Impostor: Business
Zoom increasingly out at Defense, Immigration and Customs Enforcement.
Zoom has clearly been the teleconferencing service most widely used by businesses and many government agencies. Military.com reports that Zoom’s now well-known struggles with privacy and security have induced the US Department of Defense to place most versions of the service off-limits to most of its organizations, and GCN says that the US Department of Homeland Security’s Immigration and Customs Enforcement has cautioned its personnel and contractors not to rely on Zoom.
Balancing privacy and public health, online.
The Washington Post summarizes the fears that public health measures, driven by fear of the pandemic, will lead to a general erosion of privacy and increase in government surveillance. It's a slippery slope argument, but not necessarily an unsound one. The concern is not only that holding large amounts of data will prove to be an irresistible temptation to government (almost an attractive nuisance) but also that once the precedent of collecting and analyzing personal information is established, it will be difficult to claw privacy back.
The contrary view can be found in Foreign Affairs, which has a long and exasperated op-ed on the tension between privacy and public health. The author argues that seeing such tension as an insurmountable obstacle to tracking the pandemic presents a false dilemma and a lazily drawn dichotomy, that there’s no devil’s pact necessarily involved, and that clear-eyed application of sound practices should enable governments, companies, and individuals to slip between the horns of that false dilemma.
GAO measures DoD's cyber hygiene and finds it wanting.
The US Government Accountability Office has looked at the progress the Department of Defense has made toward instilling cyber hygiene ("a set of practices for managing the most common and pervasive cybersecurity risks") into its operations, and the GAO sees room for improvement. They offer seven recommendations by which the Pentagon might improve its game:
- "The Secretary of Defense should ensure that the DOD CIO takes appropriate steps to ensure implementation of the DC3I tasks."
- "The Secretary of Defense should ensure that DOD components develop plans with scheduled completion dates to implement the four remaining CDIP tasks overseen by DOD CIO."
- "The Secretary of Defense should ensure that the Deputy Secretary of Defense identifies a DOD component to oversee the implementation of the seven CDIP tasks not overseen by DOD CIO and report on progress implementing them."
- "The Secretary of Defense should ensure that DOD components accurately monitor and report information on the extent that users have completed the Cyber Awareness Challenge training as well as the number of users whose access to the network was revoked because they have not completed the training."
- "The Secretary of Defense should ensure that the DOD CIO ensures all DOD components, including DARPA, require their users to take the Cyber Awareness Challenge training developed by DISA."
- "The Secretary of Defense should direct a component to monitor the extent to which practices are implemented to protect the department's network from key cyberattack techniques."
- "The Secretary of Defense should ensure that the DOD CIO assesses the extent to which senior leaders' have more complete information to make risk-based decisions—and revise the recurring reports (or develop a new report) accordingly. Such information could include DOD's progress on implementing (a) cybersecurity practices identified in cyber hygiene initiatives and (b) cyber hygiene practices to protect DOD networks from key cyberattack techniques."