Information Systems and Cybersecurity – Annual Report 2017
The Judiciary is committed to maintaining secure, robust, and flexible technology systems that meet the changing needs of judges, court staff, and the public.
The AO frequently sends messages like this one to Judiciary employees to emphasize the importance of online security.
Strengthening IT Security
Responding to the ever-growing risk of cyberattacks, the Judiciary has taken steps in recent years to counter a range of threats posed by hackers, computer viruses, and other malicious acts. Efforts to adopt even more robust security measures to protect the Judiciary’s data and information technology assets continued in 2017.
In partnership with the courts, the Administrative Office of the U.S. Courts (AO) developed and launched a mandatory IT security “scorecard,” enabling courts to conduct annual IT security self-assessments. This resource helps court units identify IT security vulnerabilities, channel resources to address them, and bolster the Judiciary’s overall IT security posture. The AO is providing centralized capabilities and services to the courts to assist in their efforts. These include nationally managed firewalls and tools to simplify applying software security patches and analyzing computer logs for potential threats.
In 2017, the Judicial Conference approved a requirement for courts to implement mandatory independent security assessments. The assessments will begin in 2018 and be conducted at least once every five years. The goal is to evaluate management, technical, and operational safeguards; provide courts with objective insight into areas outside the self-assessment’s scope; and validate whether the self-assessment program is improving courts’ IT security posture. Implementation plans have been guided by advice from court unit executives. The program is expected to begin in 2018.
Judiciary-Wide Hosting Services
The AO has been steadily expanding its enterprise hosting service to improve manageability for its court customers, enhance security, and make more efficient use of hosting resources. Most courts now access their national case management, jury management, email, telephone service, and other systems over the Judiciary’s Data Communications Network from one of two national data centers.
Enterprise hosting and cloud computing services provide court units with centrally managed infrastructure and other IT services, such as database storage, computer applications, and server support. A majority of court units now receive some form of centralized hosting, including continuity of operations support, hosting of local applications, and virtual desktops (an alternative to on-premises desktop computing using cloud technologies). The AO is also developing guidance on incorporating commercial cloud service offerings.