• on Oct 25th, 2013 in OIG | 0 comments

    On July 26, 1775, all you needed to deliver the mail was a strong back and a fast horse. In 2013, the tools required to move 40 percent of the world’s mail sound more at home in science fiction. Robots, supercomputers, 23 petabytes of digital storage (that’s 24,117,248 Gigabytes), and one of the world’s largest computer networks help deliver letters and parcels across the globe. Like any organization of its size and profile, the Postal Service regularly sees malicious activity directed at its network. The Office of Inspector General's Computer Crimes Unit (CCU) works closely with the Postal Service's Corporate Information Security Office to investigate and prosecute threats to Postal Service networks and information resources.




    Information security is a shared responsibility and we need your help to keep the Postal Service network secure. So as we close out National Cyber Security Awareness Month, we share some simple steps that go a long way toward improving security:

    • Keep a clean computer – keep your anti-virus, operating system, and software programs updated. Many attacks exploit vulnerabilities in unpatched systems that could be prevented simply by keeping current with updates.
    • Be wary of emails and websites soliciting personal information or login credentials, even if they look real. Also be suspicious of unexpected emails, especially those with attachments.
    • Use strong passwords – good passwords use a mix of upper and lowercase letters, and numbers and symbols. Use different passwords for each of your accounts
    • For our customers, beware of bogus package delivery notification messages and Change of Address websites. Find out about these schemes and how to avoid becoming a victim on the Postal Inspection Service's (https://postalinspectors.uspis.gov/pressroom/schemealerts.aspx) page.
    • For Postal employees and contractors, please stay vigilant and report suspected security incidents or suspicious activity immediately to the Computer Incident Response Team at USPSCIRT[at]usps[dot]gov or call 866-USPS-CIRT (866-877-7247).

    For more information on how to stay safe online, visit http://www.staysafeonline.org/.

    We’re here to support our Postal Service customers around the clock and can be reached via the OIG main number at 703-248-2100. You can also report security incidents to us online via the OIG Hotline or at 888-USPS-OIG (888-877-7644).

    We welcome your input on information security. If you are a business, how do you educate your employees and customers about the importance of information security? Consumers and employees, are there ways the Postal Service could strengthen their systems? 

  • on Oct 18th, 2013 in Strategy & Public Policy | 1 comment

    Last month, the U.S. Postal Service awarded the contract for a pilot program for a cloud-based identity management system called the Federal Cloud Credential Exchange (FCCX). Using a closed communications network, or "digital pipelines", the Postal Service will deliver digital packets ("envelopes") of secure identity data between government agencies and private or public identity providers. The idea is that a person could use an identity from one of many providers, such as a financial institution or utility, to access different government websites, as long as the identity met a required level of security. This should be far more convenient than logging in to separate services with multiple identities and passwords.

    Government and identity provider participants in FCCX have not been finalized. But the Veterans Administration is on board, and other potential participants, such as the Internal Revenue Service, Department of Education, and Social Security Administration, have been working with the Postal Service on the requirements and standards for the pilot.

    Once the digital pipelines have been established, they can be applied to a number of processes that require secure communications. For example, the Internet of Things, the networked interconnection of everyday objects, may include high-risk communications, such as between medical monitors and medication dispensers, mobile payment sites and financial institutions, or electric meters and power companies. The Postal Service recognizes the potential value of playing an enabling role and has made a move to secure a position in the digital world. Nextgov.com reports that the Postal Service has recently filed for a number of digitally oriented trademarks to cover services in data encryption, secure communications, and electronic document management.

    What do you think? Can the Postal Service bring greater security and privacy to online communications and transactions?