Data

'Toxic' data threatens agencies

Shutterstock image: black data center with white floors and ceiling.

Datasets have a shelf life. If kept too long, data can pose a security threat to agencies. Addressing that threat could help stave off the next Office of Personnel Management-type hack, according to military officials.

"We have to start measuring the toxicity of data over time because…the longer we retain it, the more and more threat it represents from a compromise perspective," said David Tillman the Department of Navy's cybersecurity director. He and other military officials spoke April 14 at a panel hosted by FedScoop.

Datasets created and stored before the development of advanced cybersecurity protections can potentially offer easy pathways for hackers. The advent of cheap storage encourages data hoarding and "creates a more and more toxic environment from a threat perspective for our agencies and our departments," Tillman said.

Ray Letteer, chief of the Marine Corps' cybersecurity division, agreed with Tillman – and warned of the ramifications of data hoarding.

If datasets do not have an expiration date beyond which they are treated as greater threats, "we're going have another problem like OPM did," he said. Letteer noted that some of the Corps' network inspectors have found personal information, such as résumés, stretching back decades.

OPM's dated IT systems came under scrutiny after a breach compromised the personal information of at least 22 million Americans.  Failure to detect the breach earlier was not a sign of the hackers' sophistication, but rather a function of "1970s legacy systems that operate on COBOL mainframe applications that have not been updated since the Y2K bug," the Institute for Critical Infrastructure Technology opined in a July 2015 report.

Defense Department CIO Terry Halvorsen has said data should come with an expiration date because it is generally less valuable as it ages, and therefore less worth securing.

A complicating factor is federal agencies' obligations to preserve information under the Freedom of Information Act. "This is nothing new for us," said Essye Miller, the Army's director of cybersecurity. "The FOIA rules have existed for years."

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Defense

    DOD wants prime contractors to be 'help desk' for new cybersecurity model

    The Defense Department is pushing forward with its unified cybersecurity standard for contractors and wants large companies and industry associations to show startups and smaller firms the way.

  • FCW Perspectives
    tech process (pkproject/Shutterstock.com)

    Understanding the obstacles to automation

    As RPA moves from buzzword to practical applications, agency leaders say it’s forcing broader discussions about business operations

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.