MTAC
USPS Chief Information Office
April 2017

Flexible Data Provisioning in IV

Informed Visibility (IV) gives you the power to get:

what you want
• Bundle Visibility
• Logical Nesting
• Logical Delivery Events
• Custom select and filter data

when you want
• Ad hoc, one-time query
• Scheduled data feed (as often as every minute)
• Near real-time mail tracking

how you want
• One-time query or subscription (data feed)
• Select file formats (legacy IMb Tracing PKG, delimited, Mail.XML)
• View online, download, or send to server

IV® Pilot Status

• 11 Pilot Participants (to be expanded to additional participants on 5/1)
• 8 Data Transfer and File Formats Supported

Container: 8.8K total files provisioned, 1.7M total scans provisioned, 99.1% match rate to legacy
Handling Unit: 22K total files provisioned, 11M total scans provisioned, 99.2%* match rate to legacy
Piece: 97K total files provisioned, 8.6B total scans provisioned, 99.9% match rate to legacy

* Metric depicted is for tray automation scans

Now Available For Pilot
• Logical Out for Delivery Event
• Logical Delivery Event

Secure File Transfer Protocol

• USPS is retiring non-secure transmission
• Several applications currently use non-secure FTP

USPS Corporate Information Security Office
Mailers Technical Advisory Committee
Last Updated: 04/18/2017

This document provides an outline of a presentation and is incomplete without the accompanying oral commentary and discussion. Conclusions and/or potential strategies contained herein are NOT necessarily endorsed by Pfizer management. Any implied strategy herein would be subject to management, regulatory and legal review and approval before implementation.

Table Of Contents

• Mail Industry Trends
• Emerging Threats
• An Emerging Threat For Mailers
• Challenges Protecting the Postal Service’s Large Network
• Postal Service Cybersecurity Overview
• CyberSafe at USPS™ Overview
• Conclusion

Mail Industry Trends

The digital age is changing the mailing industry and how customers interact with mail. To meet customers’ evolving expectations and grow business, the Postal Service is developing new technologies and offering new services.
Customer Expectations

Faster Mail
• More than 8,500 pieces of automated processing equipment used to speed up the delivery of mail
• Flats Sequencing System (FSS) sorts “flat mail”, up to 12,000 pieces per hour

Access On Many Devices
• Customers want to track their mail on many devices: laptops, phones and watches
• Mobile Delivery Devices (MDDs) provide real-time scanning for daily delivery operations
• More than 263,000 MDDs used nationwide

Active Control
• MyUSPS allows customers to provide real-time delivery instructions
• Informed Delivery gives customers digital previews of their mail before they get home

Emerging Threats

While the digital age creates many new opportunities and allows the Postal Service to innovate and deliver to its customers, it also creates new risks. Cyber attacks are on the rise, dramatically increasing costs to business and customers.

Cyber Crime By The Numbers
• 429,000,000: identities were exposed in 2015
• 60 hours: average amount of time it takes to recover from identity theft
• $575 billion: annual global economic cost of cybercrime
• $35 billion: global losses from credit card fraud by 2020
• $26.4 million: what a data breach could cost an enterprise
• 1,000,000: new malware threats released every day

An Emerging Threat For Mailers

Mailers often use file transfer protocol (FTP) to transmit data quickly and easily. However, FTP creates significant security risks and the Postal Service is phasing it out to ensure the security of its network.

FTP Risks
• Weak encryption protection
• Leaves passwords vulnerable
• Susceptible to malware attacks

Safe Alternatives
• Secure File Transfer Protocol (SFTP)
• Electronic Data Interchange Internet Applicability Standard 2 (EDIINT AS2)
• Parcel Data Exchange (PDX)

The Postal Service is working to make communications with mailers more secure, with new protocols to send and receive files.

Challenges Protecting The Postal Service’s Large Network

Protecting the Postal Service’s network from cyber adversaries requires a particularly robust effort because of the size and breadth of its network, which is one of the largest computer networks in the world.

• 11.5 million legitimate emails handled per day
• 214K email accounts receiving Postal Service information per day
• 47K point-of-sale terminals maintained nationwide
• 381 million credit and debit card transactions processed annually in Post Offices and through usps.com

Postal Service Cybersecurity Overview

To combat the rising threat of cyberattacks, the Postal Service established a Corporate Information Security Office (CISO). CISO is responsible for identifying and implementing industry-leading measures to safeguard the information of customers, partners, and employees.

CISO Strategic Objectives
• Improve Management, Governance, Compliance, Education, and Risk Management
• Protect, Shield, and Defend the enterprise from cyber threats and Prevent disruptive cyber incidents
• Respond to and Recover from incidents, and Sustain operations when incidents occur
• Monitor the internal and external environments, and Detect and Hunt attacks on the network

CISO ensures information security is a top priority for the Postal Service by investing in infrastructure, assets, and personnel to defend against advanced cyber threats.

CyberSafe At USPS™ Overview

One of the greatest cyber threats to an organization is its own people. The Postal Service addresses the people dimension of cybersecurity through its CyberSafe at USPS™ program, which focuses on three main areas: awareness, training, and anti-phishing.

CyberSafe Objectives
• Design and implement a strong cybersecurity awareness and training program to increase the organization’s ability to safeguard Postal Service information.
• Improve employee, supplier, and customer awareness of cyber threats and educate them on the key role they play in helping to protect against these threats.

CyberSafe Focus Areas
• Awareness: Raise awareness and create a ‘cybersafe’ culture across the USPS workforce, both in the field and at HQ
• Training: Enhance cybersecurity education such that it meets employee needs and addresses knowledge gaps
• Anti-phishing: Equip employees to identify real-world threats and decrease the repeat offender population

Our greatest technology solution isn’t about technology, it’s about people

Awareness For A Cybersafe Workforce

An organization’s cybersecurity is only as strong as its weakest link, so CISO focuses on raising the awareness of everyone connected to the Postal Service network, including employees, customers, suppliers, and the general public.

Awareness Channels
• Campaigns: Reached over 600,000 employees through awareness campaigns
• CyberSafe at USPS™ Websites: Distributed trending and need-to-know cybersecurity information relevant to USPS employees, suppliers, and customers through the CyberSafe website
• Engagements: Conducted multiple in-person engagements to increase awareness and educate employees on important cybersecurity topics

Training People On Cybersecurity Essentials

In order for cybersecurity measures to be effective, employees must understand and apply best practices in their day-to-day work. CISO provides rigorous, mandatory trainings across the Postal Service to educate employees. These trainings are tailored by employee function to be responsive to individual needs.

Training
• Wide Range of Subject Matters: Fundamental trainings and more advanced courses on subjects like Payment Card Industry (PCI)
• Role-Based Learning: Functional purpose tailored to the needs of individual roles
• New Game-Based Learning: New approach to training that makes learning more interesting and memorable

Equipping Employees To Identify Real-World Phishing Threats

CISO uses simulations that mimic cyberattack techniques such as phishing to test employees’ habits and identify common behavioral weaknesses. “Repeat Offenders”, or employees who fail more than two of these simulations, undergo additional intensive training to reduce their susceptibility to phishing.

Anti-Phishing
1 Raising Awareness
2 Conducting Training
3 Evaluating
4 Taking Action

Repeat Offender Corrective Actions
• Link managers with repeat offenders
• Target behavior change
• Enhance cybersecurity education
• Implement corrective action

What Is Next For Mitigating Cyber Risks: Behavior Change

CISO is going beyond traditional education and training by using behavioral change to bolster its cybersecurity. CISO is working on applying behavioral economics to understand what causes people to fall victim to cyberattacks and identify ways to nudge them towards better practices.

Priority Behavior Change Tools
• Leadership Enacted Values: Using CyberSafe practices from leadership to cascade behavior throughout the organization
• Incentives: Understanding how to use people’s natural desire for praise to encourage CyberSafe practices
• Social / Cultural Norms: Conducting field assessments to understand group norms and identify knowledge gaps across groups

Integrating behavioral change into awareness and training efforts fosters a culture of personal accountability in which employees actively monitor threats, respond to incidents, and boost cyber resilience.

Cybersecurity Enables Postal Service Business

Postal Service employees, customers, suppliers, and more are all connected in the digital world and must work together to keep that world safe. CyberSafe at USPS™ enables these stakeholders to be educated and aware, especially when considering the massive scale of operations undertaken by the Postal Service every day.

USPS Scale of Operations
• 506.4 million mailpieces processed and delivered each day
• $2.7 million in online stamp and retail sales at usps.com per day
• 54,490 address changes processed per day
• 4.6 million people who visit usps.com per day

CISO Scale of Operations
• 176K devices scanned each month
• 1.3 million email messages blocked monthly due to viruses
• 1K malware attacks blocked weekly

USPS Information Technology
Mailers Technical Advisory Committee
April 2017

Table Of Contents

• Introduction
• Achievements on Availability
• Improved System Capacity
• Secure Data Transfers

Postal Service Achievements on Availability

Service Availability of Business Critical Services
• Move the Mail (16 Applications): 30-Day Availability 100%, Holiday Peak 2016 99.991%
• Delivery (28 Applications): 30-Day Availability 99.993%, Holiday Peak 2016 99.964%
• Revenue (18 Applications): 30-Day Availability 99.993%, Holiday Peak 2016 100%
• Customer Experience (15 Applications): 30-Day Availability 99.988%, Holiday Peak 2016 100%

PMG: “We take pride in the service we provide to our customers. It’s part of our culture.”

IT takes pride in the service we provide to USPS and USPS customers.

Postal Service Improved System Capacity

Postal Service Secure Data Transfer

Data Transfer Services (DTS) provides enterprise solutions for secure file transfer.
The service includes:
• External file exchange with business partners (B2B)
• Internal file transfers between applications
• Operations Support 24x7x365

B2B Electronic Data Exchange
• Serves as the primary conduit for electronic data flowing to/from USPS Business Partners/Major Mailers
• Currently exchanges files with 3,000+ Business Partners/Major Mailers
• Supports 75+ USPS internal applications across all major business functions

Recommended Replacements for FTP (External)
• AS2
• SFTP
• Connect Direct
• Amazon Cloud/Web Services/HTTPS
• PDX/Web Services/HTTPS

Processes billions of dollars of financial transactions, HR data, Mail Flow data, Packaging Delivery and much more

99.73% Availability in FY17

For assistance in migrating to FTP replacements, use these support services:
• eVS/PTR: Call the Package Services Helpdesk at 877-264-9693.
• Mailer Reporting: Call the PostalOne! Helpdesk at 800-522-9085.
• IMB Tracing: Call the IMB Tracing (Confirm) Helpdesk at 800-238-3150.