While initial concerns about the Trump executive order focused on a potential threat to the EU-US Privacy Shield, IAITAM said the reality is that EU citizens are now being dealt with by the federal agencies subject to the executive order in the same way that US citizens are.
IAITAM CEO Dr. Barbara Rembiesa said: “President Trump should seize the initiative here and take the necessary next steps. The real problem here is putting the federal government in charge of privacy. Unfortunately, the US government has shown it is not equipped to successfully process privacy data. What is at risk here is the personal data of every individual processed by federal agencies. The privacy threats are widespread and include the IRS, the White House, the State Department, and the Veteran’s Administration.”
Focusing on the needed solution, Rembiesa said: “At the root of much of what ails the federal government bloat in IT spending and related woes is a lack of meaningful IT Asset Management. ITAM is the bridge that links an organization’s financial, contractual, and physical IT inventory requirements with the goals and objectives of the operational IT environment.”
How bad is the problem?
Every year, there are tens of thousands of cybersecurity and data integrity incidents involving federal agencies, including the following recent cases:
- Social media hack within the Department of Defense/U.S. Central Command.
- China-linked state-sponsored cybersecurity attack on personnel information within the U.S. Postal Service.
- A state-sponsored Russian intrusion into unclassified networks within the White House.
- A state-sponsored Chinese hacker gaining entry into the Department of Defense/U.S. Transportation Command.
- Inspector-General reports of the Nuclear Regulatory Commission being hacked three times in three years.
- A primary US security clearance contractor being compromised within the U.S. Investigation Services.
- An unclassified email network being hacked within the U.S. State Department.
How would ITAM address these problems and others?
According to the IAITAM analysis: “With so many federal agencies being compromised on a regular basis it becomes readily apparent that granting personal data processing to these federal agencies puts the data and the people at risk. The historical precedent shows that the US Government is not currently prepared to handle the responsibilities necessary to process data as well as protect it. There needs to be a stop-gap between the processing of the data and the inability to protect it. The only way to successfully do that is to institute and enforce a mature and robust ITAM Program …”
“The Federal Government’s approach to ITAM should include two components:
- The first is a rigorous government-wide centralized ITAM program responsible for creating policies, procedures, processes, and metrics for all government agencies.
- The second is an agency-level ITAM team, which would include the day-to-day management of all assets within that agency as set forth and required by the centralized program.”
The IAITAM analysis concludes: “… legislation should be enacted to protect and manage our greatest resource (technology) at the federal level, state level, and in critical infrastructure in the private sector. This legislation should address the areas of procurement, disposal, inventory management to the component level of IT Assets (such as hard drives), data security, and other mandated policies which would mitigate the risk to the United States and the critical infrastructure that is not owned by the government but is enabled and regulated by legislation.”