Trending
NGA launches cyber policy academy
The National Governors Association’s Center for Best Practices has selected four states to join its 2021 Policy Academy on Advancing Whole-of-State Cybersecurity. The initiative is the most recent NGA effort to help states and territories develop, refine and share lessons learned.
In this year’s Policy Academy, teams from Kansas and Missouri will focus on cyber governance, Montana officials will focus on cybersecurity workforce development, and a team from Washington will focus on state/local government cybersecurity partnerships. Participants will test best practices that are relevant for all state and territorial governments, develop action plans for strengthening cybersecurity and learn from other states that are facing similar challenges.
“Cybersecurity remains a constant concern for governors and other elected officials, policymakers, business leaders and citizens,” according to NGA’s announcement. “Criminals and foreign adversaries continue to exploit software vulnerabilities and human error to steal confidential data, disrupt critical services and endanger the public welfare.”
Washington Gov. Jay Inslee said: “As a leader in the innovation economy, Washington state recognizes its future is not just based on new digital technologies, but also trust in robust cybersecurity and strong collaboration between all levels of government. I believe this is a great opportunity to help our state improve its security posture.”
NGA shares the outcomes, best practices and lessons learned from its policy academies to all 55 state, commonwealth and territorial governors nationwide.
— Susan Miller
$1.4B is the planned value of the Defense Health Agency’s
Workforce 3.0 contract
Advanced encryption powers privacy-protecting gun registry
30
March/April 2021 FCW.COM
With discussions about gun control on the rise in the wake of recent mass shootings, researchers at Brown University announced that they have developed a proof of concept for a national, decentralized privacy- protecting gun registry that puts control of the database in the hands of county officials.
Advanced encryption would allow county databases to be searched without being decrypted. A global directory would contain
only the makes, models and serial numbers of legally owned guns in each participating county. It would connect the guns to their owners with a registration number rather than linking to the owner’s personally identifiable information.
County officials would
control the decryption key by inserting a token such as a YubiKey into a laptop when allowing their county’s data to be searched by authorized users such as law enforcement officers or gun sellers.
If police officers wanted to identify the owner of a gun found at a crime scene, for example, they could use the gun’s serial number to search the entire system. Without ever decrypting the data, the system would identify which county database contains a gun with that serial number. If the county official controlling the local database allows, the officers could then decrypt the relevant record.
“All of the servers that are storing the data and all of the computers that are doing these operations, they’re just processing encrypted data and they never actually see anything,” said Seny Kamara, associate professor of computer science at Brown.
“That provides really strong privacy throughout the process because none of the data can ever be seen without the decryption key.”
If a county decides to end its participation in the network, “the official just pulls that hardware token out of the laptop, and that’s it — nothing works,” he said. “The data is encrypted and the key is unavailable, so nothing can happen.”
Kamara said Sen. Ron Wyden (D-Ore.) prompted the creation of the registry. “The senator’s office had this idea for a database where counties are incentivized to participate, but they could pull out at any time,” Kamara said. “For the senator’s office, that ability for counties to walk away and basically pull their data off-line was
really important.”
To test the idea, the researchers used
synthetic data to show that searches were computationally practical, with results returned in a minute or less. Although the proof of concept needs refinement, it should be relatively inexpensive for participants. Brown officials estimated that each county database could be stored for less than $1,000 per year, and the global directory would cost less than $500 per year.
People imagine gun registries as publicly searchable databases, “but with advanced cryptography, that’s not necessarily true,” Kamara said. “This is an example of how you can have technology folks and policymakers working in concert, and it changes the conversation. It’s been a really great collaboration.”
— Susan Miller
Advanced encryption would allow county databases to be searched without being decrypted.