Data

'Toxic' data threatens agencies

Shutterstock image: black data center with white floors and ceiling.

Datasets have a shelf life. If kept too long, data can pose a security threat to agencies. Addressing that threat could help stave off the next Office of Personnel Management-type hack, according to military officials.

"We have to start measuring the toxicity of data over time because…the longer we retain it, the more and more threat it represents from a compromise perspective," said David Tillman the Department of Navy's cybersecurity director. He and other military officials spoke April 14 at a panel hosted by FedScoop.

Datasets created and stored before the development of advanced cybersecurity protections can potentially offer easy pathways for hackers. The advent of cheap storage encourages data hoarding and "creates a more and more toxic environment from a threat perspective for our agencies and our departments," Tillman said.

Ray Letteer, chief of the Marine Corps' cybersecurity division, agreed with Tillman – and warned of the ramifications of data hoarding.

If datasets do not have an expiration date beyond which they are treated as greater threats, "we're going have another problem like OPM did," he said. Letteer noted that some of the Corps' network inspectors have found personal information, such as résumés, stretching back decades.

OPM's dated IT systems came under scrutiny after a breach compromised the personal information of at least 22 million Americans.  Failure to detect the breach earlier was not a sign of the hackers' sophistication, but rather a function of "1970s legacy systems that operate on COBOL mainframe applications that have not been updated since the Y2K bug," the Institute for Critical Infrastructure Technology opined in a July 2015 report.

Defense Department CIO Terry Halvorsen has said data should come with an expiration date because it is generally less valuable as it ages, and therefore less worth securing.

A complicating factor is federal agencies' obligations to preserve information under the Freedom of Information Act. "This is nothing new for us," said Essye Miller, the Army's director of cybersecurity. "The FOIA rules have existed for years."

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.