Research

Information Security: OPM Has Improved Controls, but Further Efforts Are Needed

The Office of Personnel Management (OPM) collects and maintains personal data on millions of individuals, including data related to security clearance investigations. In 2015, OPM reported significant breaches of personal information that affected 21.5 million individuals. The Senate report accompanying the Financial Services and General Government Appropriations Act, 2016 included a provision for GAO to review information security at OPM. GAO evaluated OPM's (1) actions since the 2015 reported data breaches to prevent, mitigate, and respond to data breaches involving sensitive personnel records and information; (2) information security policies and practices for implementing selected government-wide initiatives and requirements; and (3) procedures for overseeing the security of OPM information maintained by contractors providing IT services. To do so, GAO examined policies, plans, and procedures and other documents; tested controls for selected systems; and interviewed officials. This is a public version of a sensitive report being issued concurrently. GAO omitted certain specific examples due to the sensitive nature of the information.

GAO is making five recommendations to improve OPM's security. OPM concurred with four of these and partially concurred with the one on validating its corrective actions. GAO continues to believe that implementation of this recommendation is warranted. In GAO's limited distribution report, GAO made nine additional recommendations.

Rural Libraries in the United States: Recent Strides, Future Possibilities, and Meeting Community Needs

“” explores nuances of rurality, details challenges rural libraries face in maximizing their community impacts and describes how existing collaborative regional and statewide efforts help rural libraries and their communities. Authors Brian Real and Norman Rose combine data from the final Digital Inclusion Survey with Public Libraries Survey data from the Institute of Museum and Library Services to find:

  • Rural library broadband capacity falls short of benchmarks set for US home access, which is 25 Mbps download and 4 Mbps upload speeds. By contrast, rural fringe libraries average 13/8.6 Mbps, rural distant is 7.7/2.2 Mbps and rural remote is 6.7/1 Mbps.
  • Overall, one in 10 rural libraries report their internet speeds rarely meet patron needs.
  • Rural libraries are on par with colleagues in larger communities in terms of public Wi-Fi access and providing patrons’ assistance with basic computer and internet training, but more specialized training and resources can lag.
  • More than half of all rural libraries offer programs that help local residents apply for jobs and use job opportunity resources (e.g., online job listings, resume software), and rural libraries are comparable to their peers in providing work space for mobile workers.

The authors consider the roles of state and regional cooperation in adding capacity and resources for rural libraries, looking at examples from Maryland and Iowa.

A 21st-Century Town Hall?

This report introduces students to the field of civic technology and the possibility that it could help to amplify citizen engagement. Rather than providing an exhaustive academic study of this topic or an in-depth exploration of a single organization, the case begins with a broad overview of the field (and several of the debates affecting it) and then contains a series of vignettes about three organizations in this space: the City of Chicago, Neighborly, and the City of Boston’s Mayor’s Office of New Urban Mechanics. It aims to stimulate discussion around three core questions.

  • First, what is civic technology, and what are some of the core forces, tensions, and debates shaping the field?
  • Second, what are some of the most important considerations for civic technology organizations that are aiming to engage citizens in the democratic process and governmental decision-making?
  • Third, where does civic technology—and, along with it, our conceptions of citizenship and engagement—go from here?

ISAO SP 4000: Protecting Consumer Privacy in Cybersecurity Information Sharing V1.0

The purpose for this document is assist risk managers in making decisions with respect to privacy when sharing cybersecurity information. It builds upon the previously published basic principles by outlining actions to promote efficient and effective information sharing while minimizing the impact on privacy interests. Importantly, this document reflects the contributions of industry, civil society, and the government. This document supplements ISAO 300-1 Introduction to Information Sharing, Section 9 Information Privacy.

GAO Report: Internet of Things: Communities Deploy Projects by Combing Federal Support with Other Funds and Expertise

Communities are increasingly deploying IoT devices generally with a goal of improving livability, management, service delivery, or competitiveness. GAO was asked to examine federal support for IoT and the use of IoT in communities. This report describes: (1) the kinds of efforts that selected federal agencies have undertaken to support IoT in communities and (2) how selected communities are using federal funds to deploy IoT projects.

GAO reviewed documents and interviewed officials from 11 federal agencies identified as having a key role in supporting IoT in communities, including agencies that support research or community IoT efforts or that have direct authority over IoT issues. GAO interviewed a non-generalizeable sample of representatives from multiple stakeholder groups in four communities, selected to include a range of community sizes and locations and communities with projects that used federal support. GAO also reviewed relevant literature since 2013 and discussed federal efforts and community challenges with 11 stakeholders from academia and the private sector, selected to reflect a range of perspectives on IoT issues. GAO requested comments on a draft of this product from 11 federal agencies. Five agencies provided technical comments, which GAO incorporated as appropriate. Six agencies did not provide comments.

Democrats more likely than Republicans to say online harassment is a major problem

Some 14% of US adults say they have been targeted for online harassment or abuse because of their political views, according to a new report from Pew Research Center. And while Republicans and Democrats are about equally likely to have been harassed online because of their political views (15% vs. 13%), there are some notable partisan differences in their views of the issue. Democrats are more likely than Republicans to say they have heard a great deal about the topic of online harassment (38% vs. 25%). In addition, a larger share of Democrats than Republicans (69% vs. 54%) consider online harassment to be a major problem.

Regardless of political affiliation, women in both parties are more likely than their male counterparts to view online harassment as a major problem, to think offensive content online isn’t taken seriously enough and to prioritize safe spaces over people being able to express themselves freely online.

Since Trump’s Election, Increased Attention to Politics – Especially Among Women

Following the 2016 election, which had one of the largest gender gaps in history, women are more likely than men to say they are paying increased attention to politics. And while far more Democrats than Republicans say they have attended a political event, rally or protest since the election, Democratic women – especially younger women and those with postgraduate degrees – are among the most likely to have participated in such a political gathering.

The latest national survey by Pew Research Center, conducted June 27 to July 9 among 2,505 adults, finds that 52% of Americans say they are paying more attention to politics since Donald Trump’s election; 33% say they are paying about the same amount of attention, while 13% say they are paying less attention to politics. The new survey also finds that, nearly nine months after the election, most people (59%) say it is “stressful and frustrating” to talk about politics with people who have a different opinion of Trump than they do; just 35% find such conversations “interesting and informative."

GAO Report: FirstNet Has Made Progress Establishing the Network, but Should Address Stakeholder Concerns and Workforce Planning

The US Government Accountability Office was asked to review FirstNet’s progress and efforts to ensure the network is reliable, secure, and interoperable. GAO (1) examined FirstNet’s efforts to establish the network; (2) obtained stakeholder views on network reliability, security, and interoperability challenges FirstNet faces and its efforts to address them; and (3) assessed FirstNet’s plans to oversee its network contractor. GAO reviewed FirstNet documentation, key contract oversight practices identified in federal regulations and other sources, tribal communication practices identified by federal agencies, and assessed FirstNet’s efforts and plans against these practices. GAO also interviewed FirstNet officials and a nongeneralizable selection of publicsafety, tribal, and other stakeholders selected to obtain a variety of viewpoints. GAO recommends that FirstNet fully explore tribal stakeholders’ concerns and assess its long-term staffing needs. FirstNet agreed with GAO’s recommendations.

GAO Report: Telehealth: Use in Medicare and Medicaid

Do Medicare and Medicaid pay when beneficiaries use two-way video visits to get care from their doctors? It depends. Medicare pays for some two-way video visits—referred to as "telehealth"—if the patients connect from rural health facilities. Medicare is testing new ways to provide health care that allow telehealth coverage regardless of location. Under Medicaid, states may cover different types of telehealth services from different types of care providers. In the 6 states we reviewed, officials from states that were generally more rural said they used telehealth more frequently than officials from more urban states.

At Our Own Peril: DoD Risk Assessment in a Post-Primacy World

The US Department of Defense (DoD) faces persistent fundamental change in its strategic and operating environments. This report suggests this reality is the product of the United States entering or being in the midst of a new, more competitive, post-US primacy environment. Post-primacy conditions promise far-reaching impacts on US national security and defense strategy. Consequently, there is an urgent requirement for DoD to examine and adapt how it develops strategy and describes, identifies, assesses, and communicates corporate-level risk. From a defense strategy and planning perspective, post-primacy has five basic defining characteristics including: Hyperconnectivity and the weaponization of information, disinformation, and disaffection.