MTAC
USPS Chief Information Office
April 2017
Flexible Data Provisioning in IV
Informed Visibility (IV) gives you the power to get:
what you want
• Bundle Visibility
• Logical Nesting
• Logical Delivery Events
• Custom select and filter data
when you want
• Ad hoc, one-time query
• Scheduled data feed (as often as every minute)
• Near real-time mail tracking
how you want
• One-time query or subscription (data feed)
• Select file formats (legacy IMb Tracing PKG, delimited, Mail.XML)
• View online, download, or send to server
IV Pilot Status
• 11 Pilot Participants
• 8 Data Transfer and File Formats Supported
• To be expanded to additional participants on 5/1
Total Files Provisioned, Total Scans Provisioned, and Match Rates to Legacy
• Container: 8.8K files, 1.7M scans, 99.1% match rate
• Handling Unit: 22K files, 11M scans, 99.2%* match rate
• Piece: 97K files, 8.6B scans, 99.9% match rate
* Metric depicted is for tray automation scans
Now Available For Pilot
• Logical Out for Delivery Event
• Logical Delivery Event
Secure File Transfer Protocol
• USPS is retiring non-secure transmission
• Several applications currently use non-secure FTP
USPS Corporate Information Security Office
Mailers Technical Advisory Committee
Last Updated: 04/18/2017
This document provides an outline of a presentation and is incomplete without the accompanying oral commentary and discussion. Conclusions and/or potential strategies contained herein are NOT necessarily endorsed by Pfizer management. Any implied strategy herein would be subject to management, regulatory and legal review and approval before implementation.
Table Of Contents
• Mail Industry Trends
• Emerging Threats
• An Emerging Threat For Mailers
• Challenges Protecting the Postal Service’s Large Network
• Postal Service Cybersecurity Overview
• CyberSafe at USPS™ Overview
• Conclusion
Mail Industry Trends
The digital age is changing the mailing industry and how customers interact with mail. To meet customers’
evolving expectations and grow business, the Postal Service is developing new technologies and offering
new services.
Customer Expectations
Faster Mail
• More than 8,500 pieces of automated processing equipment used to speed up the delivery of mail
• Flats Sequencing System (FSS) sorts “flat mail” - up to 12,000 pieces per hour
Access On Many Devices
• Customers want to track their mail on many devices - laptops, phones and watches
• Mobile Delivery Devices provide real-time scanning for daily delivery operations
• More than 263,000 MDDs used nationwide
Active Control
• MyUSPS allows customers to provide real-time delivery instructions
• Informed Delivery gives customers digital previews on their mail before they get home
Emerging Threats
While the digital age creates many new opportunities and allows the Postal Service to innovate and deliver
to their customers, it also creates new risks. Cyber attacks are on the rise, dramatically increasing costs to
business and customers.
Cyber Crime By The Numbers
• 429,000,000: identities were exposed in 2015
• 60 hours: average amount of time it takes to recover from identity theft
• $575 billion: annual global economic cost of cybercrime
• $35 billion: global losses from credit card fraud by 2020
• $26.4 million: what a data breach could cost an enterprise
• 1,000,000: new malware threats released every day
An Emerging Threat For Mailers
Mailers often use file transfer protocol (FTP) to transmit data quickly and easily. However, FTP creates
significant security risks and the Postal Service is phasing it out to ensure the security of its network.
FTP Risks
• Weak encryption protection
• Leaves passwords vulnerable
• Susceptible to malware attacks
Safe Alternatives
• Secure File Transfer Protocol (SFTP)
• Electronic Data Interchange Internet Applicability Standard 2 (EDIINT AS2)
• Parcel Data Exchange (PDX)
The Postal Service is working to make communications with mailers more secure,
with new protocols to send and receive files.
Challenges Protecting The
Postal Service’s Large Network
Protecting the Postal Service’s network from cyber adversaries requires a particularly robust effort because
of the size and breadth of its network, which is one of the largest computer networks in the world.
• 11.5 million legitimate emails handled per day
• 214K email accounts receiving Postal Service information per day
• 47K points of sale terminals maintained nationwide
• 381 million credit and debit card transactions processed annually in Post Offices and through usps.com
Postal Service
Cybersecurity Overview
To combat the rising threat of cyberattacks, the Postal Service established a Corporate Information Security
Office (CISO). CISO is responsible for identifying and implementing industry-leading measures to safeguard
the information of customers, partners, and employees.
CISO Strategic Objectives
• Improve Management, Governance, Compliance, Education, and Risk Management
• Protect, Shield, and Defend the enterprise from cyber threats and Prevent disruptive cyber incidents
• Respond to and Recover from incidents, and Sustain operations when incidents occur
• Monitor the internal and external environments, and Detect and Hunt attacks on the network
CISO ensures information security is a top priority for the Postal Service by
investing in infrastructure, assets, and personnel to defend against advanced cyber
threats.
CyberSafe At USPS™ Overview
One of the greatest cyber threats to an organization is its own people. The Postal Service addresses the
people dimension of cybersecurity through its Cybersafe at USPS™ program, which focuses on three main
areas: awareness, training, and anti-phishing.
CyberSafe Objectives
• Design and implement a strong cybersecurity awareness and training program to increase the organization’s ability to safeguard Postal Service information.
• Improve employee, supplier, and customer awareness of cyber threats and educate them on the key role they play in helping to protect against these threats.
CyberSafe Focus Areas
• Awareness: Raise awareness and create a ‘cybersafe’ culture across the USPS workforce both in the field and at HQ
• Training: Enhance cybersecurity education such that it meets employee needs and addresses knowledge gaps
• Anti-phishing: Equip employees to identify real-world threats and decrease the repeat offender population
Our greatest technology solution isn’t about technology, it’s about people
Awareness For A
Cybersafe Workforce
An organization’s cybersecurity is only as strong as its weakest link, so CISO focuses on raising the
awareness of everyone connected to the Postal Service network, including employees, customers,
suppliers, and the general public.
Awareness Channels
• Campaigns: Reached over 600,000 employees through awareness campaigns
• CyberSafe at USPS™ Websites: Distributed trending and need-to-know cybersecurity information relevant to USPS employees, suppliers, and customers through CyberSafe website
• Engagements: Conducted multiple in-person engagements to increase awareness and educate employees on important cybersecurity topics
Training People On
Cybersecurity Essentials
In order for cybersecurity measures to be effective, employees must understand and apply best practices in
their day-to-day work. CISO provides rigorous, mandatory trainings across the Postal Service to educate
employees. These trainings are tailored by employee function to be responsive to individual needs.
Training
• Wide Range of Subject Matters: Fundamental trainings and more advanced courses on subjects like Payment Card Industry (PCI)
• Role-Based Learning: Functional purpose tailored to the needs of individual roles
• New Game-Based Learning: New approach to training that makes learning more interesting and memorable
Equipping Employees To
Identify Real-World Phishing Threats
CISO uses simulations that mimic cyberattack techniques such as phishing to test employees’ habits and
identify common behavioral weaknesses. “Repeat Offenders”, or employees who fail more than two of
these simulations, undergo additional intensive training to reduce their susceptibility to phishing.
Anti-Phishing
1. Raising Awareness
2. Conducting Training
3. Evaluating
4. Taking Action
Repeat Offender Corrective Actions
• Link managers with repeat offenders
• Target behavior change
• Enhance cybersecurity education
• Implement corrective action
What Is Next For Mitigating Cyber Risks:
Behavior Change
CISO is going beyond traditional education and training by using behavioral change to bolster its
cybersecurity. CISO is working on applying behavioral economics to understand what causes people to fall
victim to cyberattacks and identify ways to nudge them towards better practices.
Priority Behavior Change Tools
• Leadership Enacted Values: Using Cybersafe practices from leadership to cascade behavior throughout the organization
• Incentives: Understanding how to use people’s natural desire for praise to encourage CyberSafe practices
• Social / Cultural Norms: Conducting field assessments to understand group norms and identify knowledge gaps across groups
Integrating behavioral change into awareness and training efforts fosters a culture
of personal accountability in which employees actively monitor threats, respond to
incidents, and boost cyber resilience.
Cybersecurity Enables
Postal Service Business
Postal Service employees, customers, suppliers, and more are all connected in the digital world and must
work together to keep that world safe. CyberSafe at USPS™ enables these stakeholders to be educated
and aware, especially when considering the massive scale of operations undertaken by the Postal Service
every day.
USPS Scale of Operations
• 506.4 million mailpieces processed and delivered each day
• $2.7 million dollars in online stamp and retail sales at usps.com per day
• 54,490 address changes processed per day
• 4.6 million people who visit usps.com per day
CISO Scale of Operations
• 176K devices scanned each month
• 1.3 million email messages blocked monthly due to viruses
• 1K malware attacks blocked weekly
USPS Information Technology
Mailers Technical Advisory Committee
April 2017
Table Of Contents
• Introduction
• Achievements on Availability
• Improved System Capacity
• Secure Data Transfers
Postal Service
Achievements on Availability
Business Critical Services: Service Availability (30-Day Availability / Holiday Peak 2016)
• Move the Mail (16 Applications): 100% / 99.991%
• Delivery (28 Applications): 99.993% / 99.964%
• Revenue (18 Applications): 99.993% / 100%
• Customer Experience (15 Applications): 99.988% / 100%
PMG “We take pride in the service we provide to our customers. It’s part of our culture.”
IT takes pride in the service we provide to USPS and USPS customers.
Postal Service
Improved System Capacity
Postal Service
Secure Data Transfer
Data Transfer Services (DTS) provides enterprise solutions for secure
file transfer. The service includes:
• External file exchange with business partners (B2B)
• Internal file transfers between applications
• Operations Support 24x7x365
B2B Electronic Data Exchange
• Serves as the primary conduit for electronic data flowing to/from USPS Business Partners/Major Mailers
• Currently exchanges files with 3,000+ Business Partners/Major Mailers
• Supports 75+ USPS internal applications across all major business functions
• Processes Billions of dollars of financial transactions, HR data, Mail Flow data, Packaging Delivery and much more
• 99.73% Availability in FY17
Recommended Replacements for FTP
External
• AS2
• SFTP
• Connect Direct
• Amazon Cloud/Web Services/HTTPS
• PDX/Web Services/HTTPS
For assistance in migrating to FTP replacements use these support services:
• eVS/PTR: Call the Package Services Helpdesk at 877-264-9693.
• Mailer Reporting: Call the PostalOne! Helpdesk at 800-522-9085.
• IMB Tracing: Call the IMB Tracing (Confirm) Helpdesk at 800-238-3150.