Assemblyman Dave Rible said a recent report by the state attorney general that New Jersey faces more than a million hacking attempts per month underscores the need to enact legislation he sponsors (A-2724) that safeguards information collected on New Jersey students.
“As we have seen with celebrity hacking scandals and massive corporate data breaches, no information is totally safe,” said Rible, R-Monmouth and Ocean. “This is another reminder that criminals are constantly trying to access our personal data and we need to be extremely careful with all of our sensitive information. This report further illustrates the dangers of collecting sensitive information, especially information on our children, which, in the wrong hands, could cause irreparable damage.”
At a recent conference, the state’s Acting Attorney General John Hoffman noted New Jersey has thwarted millions of attempts to access information and these attempts are on the rise. Rible has advocated for legislation to protect student information and give parents more rights to prevent the release of information about their children.
[TLS]
Having read (A-2724) as it stands, it is a good first step to get it on the table. The challenge is establishing real Governance, specific regulation and a well funded robust infrastructure.
Students and parents having a say in what Private Information may or may not be disclosed gives them some sense of control and perhaps some legal protections for their right to privacy. But there is a larger issue here. The mere mention of Cyber-Attack in this article implies an entirely different set of governance. Protecting the data from the outside and inside. Accountability for breaches caused by insiders (staff and students who know how to circumvent the controls by using proxies to access the internet and exposing the entire system to malware and viruses) intentionally or inadvertently. This is besides protecting from outside attackers from identity theft criminals or predators.
Deciding which information can and cannot be stored or shared with other entities, agencies etc., is a thorny issue. Their may be law enforcement needs, judicial actions, child and family services that need such information. There is much detail to be worked out. You can’t solve the problem by eliminating vital records to protect them. Regulations and standards for data-encryption on site storage and across networks, rules based perimeter protection, policy based user access controls (students and staff) and a robust infrastructure to support the necessary security controls is not only complex but costly. (Which is why most entities have been lax in this area until things blow up).
There are more than 17,000 public and private students that will need this protection in Lakewood township alone. Who will provide these mandatory services and who will pay for them at the municipal district level?
I suggest that the state must be the entity to provide the governance and regulation (my choice would be the State Police CCU Investigations Squad with input from the OC Prosecutor’s Office CyberCrime Unit who should also have vendor oversight for the project and bids and enforcement capabilities for any violations, incoming or outgoing.
As it stands now the bill is but a paragraph or two at this moment. It needs to address all of the above issues in detail, with fine tuned points of governance, regulation, implementation guidelines, accountability and enforcement as well as last but not least adequate funding. This needs to be several pages long, with detailed specifics after consultation and serious consideration by all the entities named above.
I think it is a great start, having many years of experience in such State-Municipal Cyber Security projects, I can assure you that all the issues I mentioned need to be fleshed out and codified. The project implementation must be managed properly, funded adequately. be monitored constantly and have State and County oversight in all areas from governance and enforcement to vendor management.
This is a great first step from the privacy angle but there is a bigger picture that needs attention.
As Assemblyman Rible so astutely points out, (and in so many ways have said so here on TLS numerous times) “This is another reminder that criminals are constantly trying to access our personal data and we need to be extremely careful with all of our sensitive information. This report further illustrates the dangers of collecting sensitive information, especially information on our children, which, in the wrong hands, could cause irreparable damage.”
The Assemblyman is 100% correct. Let’s hope he gets the backing and support necessary to handle the full threat that we are facing. And I might add not only to our educational system.
We have some great resources in the State Police Cyber Crimes Unit and the Ocean County Prosecutor’s Office High-Tech Crime Unit that should definitely have input and active participation to make this a showcase of success for Lakewood in particular and the great state of New Jersey.
We didn’t have that problem when everyone used a pen and paper. That was impossible to hack.