Introduction
Information has become the new currency of exchange in the cyber age,1 and, as a whole, the U.S. government has failed to keep pace with the rapid changes within the information domain. The government has taken little or no action on the security of social media and networks,2 despite the fact that nearly all major organizations in this field have seen, and continue to see, significant compromises of user information.3 Commercial and health care networks have seen, and continue to see, breaches of customers' personal information,4 and even in government itself, agencies struggle to meet current cybersecurity and privacy requirements.5 The U.S. government dedicates significant resources to the protection of military and national security information. We prioritize the security of information on our critical infrastructure, such as energy, water, and transportation, and we look at all government information systems as important components of our national security infrastructure. Personal information, on the other hand, is not considered within this category of critical national security assets.
Federal privacy law has historically been seen as an administrative endeavor to keep government intrusion into the private lives of U.S. persons at bay. However, technology has changed significantly since the concept of privacy was first conceived. The ubiquity of information and information technology presents increasing dangers to privacy, and it presents new opportunities for exploiting personal information as an attack vector on societal institutions, military organizations, and governments. This new attack vector has already been exploited in many ways, touching nearly every branch of the U.S. government and every federal and military employee.
Imagine if the personal information of key members of a deploying unit, intelligence organization, or government agency were exposed to attack: bank accounts were emptied, and disinformation was mingled with other pieces of their personal lives now published online. Such an attack would create havoc in their personal lives. Arguably, surgical targeting of key persons may only distract an organization in a marginal way. On the other hand, widening the attack surface (across systems or enterprises) or increasing the gravity of effects (from personal support systems to organizational response and readiness) could hinder, if not cripple, an organization's ability to accomplish its mission.
This paper will explore how threats to personal information have materialized into a...