At a glance.
- USDOT discloses breach just as GAO issues report on cybersecurity.
- Proposed bill aims to improve cybersecurity of rural hospitals.
- TSA tests airport facial recognition tech.
USDOT discloses breach just as GAO issues report on cybersecurity.
The US Department of Transportation (USDOT) confirmed yesterday that the data of approximately 237,000 current and former agency employees were exposed in a cyberattack. Nextgov.com explains that it’s unclear exactly when the attack occurred, but USDOT disclosed the attack to Congress on Friday. Coincidentally, news of the incident came just days before the Government Accountability Office issued a report stating that USDOT needs to improve its implementation of cybersecurity policies. In the report, GAO acknowledges that USDOT has made some progress, including the creation of cybersecurity roles and responsibilities for officials within its agencies, but there is still room for improvement. For instance, Nextgov.com notes, while USDOT has reviewed its agencies’ cybersecurity programs, the reviews were not used to actually address the sixty-three cybersecurity recommendations issued by GAO. “The risks to IT systems supporting the federal government and the nation’s critical infrastructure are increasing as security threats continue to evolve and become more sophisticated,” the report reads. “Therefore, it is imperative for agencies to clearly define cybersecurity-related roles and responsibilities and effectively oversee their cybersecurity programs in order to manage the risks associated with the operation and use of information systems.” The report issues three recommendations for USDOT’s CIO: use IT program reviews to address recommendations that have not been implemented; work with human resources to require Operating Administration (OA) senior IT managers to include cybersecurity-related performance expectations in their performance plans; and participate in the reviews of OA CIOs and their equivalents.
Proposed bill aims to improve cybersecurity of rural hospitals.
Health IT Security reports that two US Senators have introduced the Rural Hospital Cybersecurity Enhancement Act, a bill focused on improving the cybersecurity of rural healthcare facilities. The measure was proposed by Senators Josh Hawley, Republican of Missouri, and Gary Peters, Democrat of Michigan, after a recent Homeland Security and Governmental Affairs Committee (HSGAC) hearing highlighting the difficulties faced by rural hospitals lacking the budget and staffing to properly address cybersecurity. At the hearing, Kate Pierce, senior virtual information security officer at Fortified Health Security, testified, “While attacks in urban areas are impactful, populated areas provide other healthcare options for patients to choose. In most rural areas, the next closest healthcare facility may be 45 miles away or more, making the diversion of patients infeasible.” The bipartisan bill would require the Cybersecurity and Infrastructure Security Agency director to develop a “comprehensive rural hospital cybersecurity workforce development strategy” focused on training resources, public-private partnerships, and policy recommendations. In addition, the Secretary of Homeland Security would be required to update the HSGAC and the House Committee on Homeland Security annually on strategy progress.
TSA tests airport facial recognition tech.
The US Transportation Security Administration (TSA) has begun testing the use of facial recognition technology at airports in sixteen cities including Baltimore, Washington, DC, Atlanta, Boston, and Los Angeles. Jason Lim, TSA’s identity management capabilities manager, explained to reporters, “What we are trying to do with this is aid the officers to actually determine that you are who you say who you are.” AP News explains that the facial recognition technology compares the passenger’s face to the image on their ID or passport in an effort to improve the efficiency of the identity verification process. A TSA agent will be present to sign off on the screening, and passengers can opt out if they choose. However, some privacy advocates and elected officials have expressed concerns that the program could violate privacy rights. In February, five senators penned a letter to the TSA calling for the program to be stopped. “Increasing biometric surveillance of Americans by the government represents a risk to civil liberties and privacy rights,” the letter read. Critics have raised concerns about the collection of biometric data and the potential for abuse if it falls into the wrong hands. In addition, facial recognition tech has known biases when it comes to identifying certain classes of individuals.