It’s been a rough nine months for federal cybersecurity. The huge Office of Personnel Management (OPM) hack is just the latest in a series of incidents that make people skeptical of Washington’s ability to protect their personal information. Since last fall, we’ve witnessed hacks of the:
- OPM. Last week’s cybersecurity failure at OPM wasn’t its first run-in with hackers. In March 2014, hackers broke into OPM networks in an attempt to exfiltrate information about security clearances. Federal authorities claimed to have blocked the hackers from the network, but last week’s OPM cybersecurity failure should make us skeptical.
- Government Publication Office and Government Accountability Office. These two offices got hacked at the same time as OPM last year.
- US Postal Service. On November 10, 2014, the USPS confirmed an intrusion into its network that resulted in the compromise of the data of more than 800,000 employees.
- State Department. On November 17, 2014, the State Department said that its unclassified email systems had been compromised a month earlier. Three months after the initial intrusion, the State Department was still unable to eradicate the effects of the attack.
- National Oceanic and Atmospheric Administration. On November 12, 2014, NOAA confirmed that hackers had breached four of its websites.
- President of the United States. The same attackers that breached the State Department in November 2014 compromised the White House’s unclassified email system about a month later and gained access to President Obama’s email.
These hacks obviously have enormous implications for cybersecurity professionals in both the public and private sectors. However, in a recent research report I co-authored, we went beyond cybersecurity issues to also look at the impact of these hacks on federal digital customer experience (CX) improvement efforts.
Don’t think these hacks will have any effect on federal digital CX? Consider this:
Even before these high-profile hacks, Americans didn’t trust federal agencies with their personal data. A Forrester survey showed that:
- Just 35% of Americans trusted the federal government to keep their personal data secure.
- About 40% of Americans who weren’t interested in federal mobile apps offering location-based services named information security and privacy concerns as a reason.
- Over 40% of Americans who expressed disinterest in a single sign-on credential for federal digital services said information security and privacy problems were a reason.
As major hacking incidents like these continue to erode the public’s trust in federal cybersecurity, people will become more skeptical than ever about using federal digital services – even when they are as convenient as location-based and single sign-on systems. This erosion of public trust in federal digital CX will:
- Slow the rollout of new federal digital services. Thanks to help from 18F and the US Digital Service (USDS), federal agencies have increased the speed at which they roll out new digital services. That trend is about to end. Spooked by high-profile cybersecurity incidents, federal program managers will slow development of new digital services in order to re-evaluate their security.
- Cause additional friction in the federal CX community. Enthusiastic staffers at 18F and the USDS may bristle at the delays, worsening the tensions that already exist between these agile digital workshops and their more cautious agency partners.
- Undermine adoption of even the most secure new digital services. It doesn’t matter how secure new federal digital services may be. If customers don’t think they’re secure, customers won’t use them. That means federal agencies that roll out even the safest new digital services in this climate of public distrust could find they don’t get the return on investment that they’d hoped.
- Hurt federal recruitment and retention of digital CX talent. Unhappy or disenfranchised digital CX pros in 18F, the USDS, or agencies’ own internal CX shops could emigrate to private sector jobs where they can move faster because the security stakes are lower.
Rick Parrish is part of the GovLoop Featured Blogger program, where we feature blog posts by government voices from all across the country (and world!). To see more Featured Blogger posts, click here.
Really informative post, Rick. I’ve read a lot of stories about the OPM hack; it’s incredible (in the most terrifying way) to see it put into the context of a trend in cybersecurity failings. You list some serious consequences that will inevitably follow. Do you see a way to prevent erosion of the federal digital CX in spite of these incidents?
Hi, Olivia! I’m glad you found my post valuable. It is actually possible that a slowdown in federal digital CX expansion is a good thing. As I’ve posted about previously here on Govloop, Forrester survey data shows that the public isn’t overwhelmingly excited about federal digital CX, anyway. So a slowdown for whatever reason might actually stop agencies from spending money on new digital touchpoints that people aren’t going to use, anyway.
Setting that issue aside, if I were running a federal digital touchpoint I would consider doing two things right now:
1) Adding some highly-visible, easy-to-understand language telling customers what my team is doing to keep their information secure.
2) Looking at ways to roll out lower-functionality options that don’t require customers to enter personally-identifiable information.
What do you think? Any other ways to keep people coming to federal digital touchpoints?
Thanks for your informative post, which I have just tweeted (using the hash tag of #govcs for government customer service). Your suggestion that it might be a good thing for agencies to slow down down the expansion of digital gov is not a bad idea either. Personally, I would like to see agencies focus more on citizen feedback and really understanding what their customers want them to do before embarking on new initiatives.
BTW, do you some thoughts on why we still have hundreds if not thousands of zombie federal websites that have outlived their usefulness but never die?
Thanks for your interest in my post, Bernie! I’m glad you found it valuable. I completely agree that agencies should focus more on understanding what their customers want before rolling out new things.
That said, I’m disheartened to find that some opponents of the administration’s digital customer experience focus are trying to cut back funding for these initiatives. Federal agencies still need the money — they just need to use it for more customer research prior to building new channels and touchpoints. Good customer research takes time and money.
Ha! Zombie sites! I should look into this issue more. Thanks for bringing it up.