In the digital age, the American people knowingly and unknowingly produce huge amounts of data on a daily basis, and governments at all levels increasingly rely on digital systems to manage their internal operations and deliver public services. Through widespread e-commerce, ubiquitous GPS maps, and regular social media interactions, the public transmits their sensitive financial, health, and other personal information through online platforms. Americans need assurance that all sectors will keep their personal data private and safeguarded from abuse, but our data security infrastructure in both the public and the private sectors is vulnerable to exploitations, hacks, and breaches. With malevolent foreign intelligence entities, the hacking of public agencies, the infiltration of elections by non-state actors like WikiLeaks, and other dangers, the threat of data insecurity and exposure to breaches is real and immediate for governments, companies, and individuals.
Nonstate cyber actors and nation-states have developed sophisticated mechanisms for exploiting the vulnerabilities of government systems. Not only do they steal information and money; they increasingly disrupt, destroy, or threaten the delivery of essential public services. For example, hackers have been targeting local governments for ransomware attacks, with important systems and data being blocked until a ransom payment is made. In the summer of 2019, a host of local governments—including Baltimore, MD; Albany, NY; Laredo, TX; and 22 small Texas towns—had their operations disrupted by such attacks. The City of Baltimore experienced a hack that prevented the locality from issuing health alerts and delayed water bill delivery. Similarly, the City of Atlanta’s systems for police reports and employment applications were down for days due to a March 2018 cyberattack. State and county governments, school districts, hospitals, and court systems have also become common targets of ransomware attacks.
Over the next decade, technology will continue to evolve, and data security programs in both the public and the private sectors will face new vulnerabilities. Public agencies and administrators have a critical role in ensuring data security and privacy by:
As part of the Grand Challenge to “Ensure Data Security and Individual Privacy,” the Academy will work with stakeholders to determine how to:
This is an illustrative list of topics. As the Grand Challenges campaign kicks off and progresses, other issues can and will be addressed based on stakeholder feedback about critical needs and opportunities.