US government ‘will struggle’ with White House data encryption deadline
An August deadline for US government agencies to encrypt all sensitive data may be too tight, security experts have warned.
An August deadline for US government agencies to encrypt all sensitive data may be too tight, security experts have warned.
The White House demand for encryption of sensitive information follows the theft of US Department of Veterans Affairs data on 26.5 million former soldiers.



From forensic cyber to encryption: InfoSec17
Security technologist Bruce Schneier’s insights and warnings around the regulation of IoT security and forensic cyber psychologist Mary Aiken’s comments around the tensions between encryption and state security were the top highlights of the keynote presentations at Infosecurity Europe 2017 in London.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
An investigation by the department’s inspector general, George Opfer last week slammed a series of mistakes, poor security measures and an overall lack of care, after the data taken home by an analyst on a laptop was stolen in a burglary.
Opfer also criticised a chain of officials, up to the department’s deputy secretary Gordon Mansfield, for waiting nearly three weeks to reveal the burglary, putting veterans and active personnel at risk of identity fraud.
US government departments have now been given just 45 days to put encryption measures in place to prevent similar data securtity breaches. But encryption software firm PGP warned that this may not be enough time.
“We’re in favour – it’s a good move that the White House is getting serious about encrypting data,” said PGP’s EMEA marketing manager Jamie Cowper.
But he added, “The 45-day window may be a little prohibitive to actually getting it done.”
He queries whether sufficient funds had been made available – and whether the money had been pushed out to the various departments. “Have they done an internal audit to see what needs to be encrypted? Are there technology guidelines?” he asked.
Cowper warned, “Forty-five days is going to be a very tough deadline.”
Vote for your IT greats
Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?
Vote now at: www.computerweekly.com/ITgreats
Read more on IT risk management
-
Why businesses must think like criminals to protect their data
-
Security Think Tank: Use awareness, education and controls to halt cryptojacking
-
Security Think Tank: Awareness is a good starting point to counter fileless malware
-
Security Think Tank: Human, procedural and technical response to fileless malware
Start the conversation
0 comments