• on Oct 25th, 2013 in OIG | 0 comments

    On July 26, 1775, all you needed to deliver the mail was a strong back and a fast horse. In 2013, the tools required to move 40 percent of the world’s mail sound more at home in science fiction. Robots, supercomputers, 23 petabytes of digital storage (that’s 24,117,248 Gigabytes), and one of the world’s largest computer networks help deliver letters and parcels across the globe. Like any organization of its size and profile, the Postal Service regularly sees malicious activity directed at its network. The Office of Inspector General's Computer Crimes Unit (CCU) works closely with the Postal Service's Corporate Information Security Office to investigate and prosecute threats to Postal Service networks and information resources.




    Information security is a shared responsibility and we need your help to keep the Postal Service network secure. So as we close out National Cyber Security Awareness Month, we share some simple steps that go a long way toward improving security:

    • Keep a clean computer – keep your anti-virus, operating system, and software programs updated. Many attacks exploit vulnerabilities in unpatched systems that could be prevented simply by keeping current with updates.
    • Be wary of emails and websites soliciting personal information or login credentials, even if they look real. Also be suspicious of unexpected emails, especially those with attachments.
    • Use strong passwords – good passwords use a mix of upper and lowercase letters, and numbers and symbols. Use different passwords for each of your accounts
    • For our customers, beware of bogus package delivery notification messages and Change of Address websites. Find out about these schemes and how to avoid becoming a victim on the Postal Inspection Service's (https://postalinspectors.uspis.gov/pressroom/schemealerts.aspx) page.
    • For Postal employees and contractors, please stay vigilant and report suspected security incidents or suspicious activity immediately to the Computer Incident Response Team at USPSCIRT[at]usps[dot]gov or call 866-USPS-CIRT (866-877-7247).

    For more information on how to stay safe online, visit http://www.staysafeonline.org/.

    We’re here to support our Postal Service customers around the clock and can be reached via the OIG main number at 703-248-2100. You can also report security incidents to us online via the OIG Hotline or at 888-USPS-OIG (888-877-7644).

    We welcome your input on information security. If you are a business, how do you educate your employees and customers about the importance of information security? Consumers and employees, are there ways the Postal Service could strengthen their systems? 

  • on Oct 18th, 2013 in Strategy & Public Policy | 1 comment

    Last month, the U.S. Postal Service awarded the contract for a pilot program for a cloud-based identity management system called the Federal Cloud Credential Exchange (FCCX). Using a closed communications network, or "digital pipelines", the Postal Service will deliver digital packets ("envelopes") of secure identity data between government agencies and private or public identity providers. The idea is that a person could use an identity from one of many providers, such as a financial institution or utility, to access different government websites, as long as the identity met a required level of security. This should be far more convenient than logging in to separate services with multiple identities and passwords.

    Government and identity provider participants in FCCX have not been finalized. But the Veterans Administration is on board, and other potential participants, such as the Internal Revenue Service, Department of Education, and Social Security Administration, have been working with the Postal Service on the requirements and standards for the pilot.

    Once the digital pipelines have been established, they can be applied to a number of processes that require secure communications. For example, the Internet of Things, the networked interconnection of everyday objects, may include high-risk communications, such as between medical monitors and medication dispensers, mobile payment sites and financial institutions, or electric meters and power companies. The Postal Service recognizes the potential value of playing an enabling role and has made a move to secure a position in the digital world. Nextgov.com reports that the Postal Service has recently filed for a number of digitally oriented trademarks to cover services in data encryption, secure communications, and electronic document management.

    What do you think? Can the Postal Service bring greater security and privacy to online communications and transactions?

This site provides a forum to discuss different aspects of the United States Postal Service and how it can be improved. We encourage you to share your comments, ideas, and concerns.

This is a moderated site—we will review all comments before posting them. We expect that participants will treat each other with respect. We will not post comments that contain vulgar language, personal attacks of any kind, or offensive terms that target specific individuals or groups. We will not post comments that are clearly off-topic or that promote services or products. Comments that make unsupported accusations will also not be posted.

We ask that reporters send questions to the USPS OIG Media Office through their normal channels and refrain from submitting questions here as comments. We will not post questions from reporters.

We recognize that the Web is a 24/7 medium, and your comments are welcome at any time. Given the need to manage Federal resources effectively, however, we will review comments and post them from 9:00 a.m—5:00 p.m Eastern Time, Monday through Friday. We will read and post comments submitted after hours, on weekends, or on holidays as early as possible the next business day.

To protect your own privacy, and the privacy of others, please do not include personal information or personally identifiable information such as names, addresses, phone numbers or e-mail addresses in the body of your comment.

Except when specifically noted, any views or opinions expressed on this forum (or any other forums available via an RSS feed) are those of the individual bloggers. The views and posted comments do not necessarily reflect those of the U.S. Postal Service Office of Inspector General, or the Federal government.

Thank you for taking the time to read this comment policy and disclaimer. We plan to blog weekly on as many emerging new media topics as possible. We encourage your participation in our discussion and look forward to an active exchange of ideas.