IRS’s Federal Student Financial Aid Data Retrieval Tool Temporarily Suspended
Below is a rush transcript of this segment, it might contain errors.
Airing date: 03/17/2017
FAFSA Site Partially Shut Down Due to Security Concerns – 92 Percent of Top Federal Agencies with No Basic Security
Craig Peterson: We’re gonna do a little TechSanity check on the federal government. Craig Peterson here. And we’re gonna talk about what happened to FAFSA. If you have kids and your kids were trying to get some money from the feds, you are in for a surprise. Surprise. Security problem. So we’re gonna talk about that. And we’re gonna talk about it a little more generally here because there was a White House report that just came out just this week talking about security in federal agencies. Stick around. A lot to talk about today on TechSanity check.
You know we rely on federal government, and you know, state governments too for so many things nowadays. They require for us to give incredible amounts of information about ourselves. They collect even more information than that. How secure are they? Well obviously, they’re not, right? The FBI’s home page hacked in a big way. Confidential information taken from our top spy agencies. I mean like top secret type stuff. Maybe even higher right there from our federal agencies NSA, CIA, right? What happened with Hillary Clinton, Secretary of State? Her emails, all of them apparently, were put online, stolen or otherwise. How did that happen? Why is the federal government not keeping our information safe?
Now this morning, I talked a little bit with WGAN about some of these problems. You know, the ultimate data mining that’s going to occur. The big data and the problems that’s going to cause for every last one of us, right? It’s a huge deal. A very, very big deal. So, to my surprise, my wife comes down and says hey, did you see what happened to FAFSA? Are you familiar with FAFSA? F-A-F-S-A? This is a tool that’s used for federal student loan applications. They have this tool that’s online. It gives you the ability to get some of this federal money. Now you may or may not actually end up getting it, but it’s an online tool that you have to use. And you have to assign yourself an account and a password and you put in information about your tax return. So you’re putting in information about what it is that you have made and you’re hoping to get some student aid here. It’s a free application online.
So you’ve got a copy of this financial information on tax returns or from the software you use for your taxes. Well, this tool, by the way, is also used for income-driven repayment applications. And it looks like this tool’s gonna be down for several weeks here because the IRS shut it down. They shut it down. They’re trying to fix this problem as quickly as possible. And they suspended this data retrieval tool that’s part of FAFSA following concerns that information from the tool could potentially be misused by identity thieves. So the IRS and the Federal Student Aid people are working to investigate the risk and are also collaborating on a way to make it more secure from potential thieves. You know, isn’t that great? Right after the fact the horse is out of the barn.
So, I started looking into this a little bit more and doing more research. And, what else do I find? Well, I find that there is a report that just came out. This is a report that was delivered to the White House and they had a look at federal agencies because President Trump, very early on in his administration here in January, came out and said that agency heads are going to be “totally accountable” for modernization and for cybersecurity. Ok, this was a very, very big deal because he’s trying to hold via executive order the agency heads directly accountable to work with the assistant to the president for intergovernmental affairs and technology.
So this is going to be interesting what happens. Well, under Barack Obama a handful of lawmakers introduced some legislation that was supposed to promote IT modernization including the Modernizing Government Technology Act. That’s one of the things they did, MGT. But it didn’t really happen under President Obama. So now President Trump’s saying it absolutely has to happen. We’re gonna make sure that happens.
So President Trump’s report is showing 31,000 cyber incidents occurring in 2016 that led to the compromise of information or system functionality. I’m gonna repeat that. 30,899 cyber incidents that led to the compromise of information or system functionality. Now it goes on to say even more things about it. For instance, most federal government websites lack basic security. They’re not even using HTTPS which is a standard piece of software SSL that’s used, it’s a protocol that’s used for your browser to talk securely to the remote server. So they’re not even doing the most basic stuff. They’re not using DNSSEC either which is important to make sure you’re not being directed to the wrong site. The Information Technology and Innovation Foundation says that 92% of the 300 most popular federal websites lack security basics. And they lack the proper performance and accessibility to people with disabilities. Now that study’s based on a November 2016 analysis of the website.
Now you and I, if we have a website and we have compromises like what federal government has had, you and I, we’re gonna get fines. And I’m talking about PCI. If you take credit cards and you have credit card information on any of your systems, and those systems are compromised, we’re talking about a $150 for every credit card transaction that you’ve. Think about how that adds up. So if you had a thousand credit card transactions in your database on your machine, that’s $150,000 fine. And in some cases the fines are much higher for personally identifiable information. For healthcare information, etcetera. You and I could go to jail depending on what happens here. You and I could definitely lose our jobs. What’s happening? The federal level? Absolutely nothing. 92% of these sites don’t even have basic security safeguards.
So I’ll leave you with that today. Think about that for a little bit as we’re preparing some training for all of you listeners and for other customers that we’ve had as we advance our training here on security. Are you security? Have you secured your computers? Do you have healthcare information? By the way, if you’re a business, you probably do because you’re probably providing some form of healthcare insurance. So think about all of that. Let’s get this fixed and if anybody has any sort of advice on what you think federal government can do to fix this glaring problem they have, let me know. I’d love to hear your thoughts. Your inputs. You can just text me. Pick up your phone, text it to 855-385-5553. And you’ll find my text number right there in my homepage http://CraigPeterson.com. Hopefully we’ll get a little TechSanity here. Have a great day. We’ll chat tomorrow. Bye-bye.