Q&A: How the Postal Service Thinks It Can Predict the Next Cyber Breach

David Goldman/AP File Photo

The agency's manager for data science and exploration told Nextgov his team plans to use predictive analytics to foresee future cyberintrusions.

Following the cyber intrusion at the U.S. Postal Service last year, which compromised the personal information of more than 800,0000 current and former employees, the agency says it now wants to use predictive systems to stop the next cyberattack. 

That’s just one of many projects emerging from the agency's Data Science and Exploration office. It's also trying to use sensors to make its physical operations more efficient, pinpointing the number of employees needed for a predicted number of packages about 10 days in advance. 

Dan Houston, manager of the data office, spoke with Nextgov about these and other upcoming technology efforts at USPS. This conversation has been edited for length and clarity.

NG: Give us a picture of what USPS will look like in the near future. 

DH: For the future, we’re looking at more predictive and prescriptive analytics. We want to be able to start telling on our business side -- in particular with plant operations -- what volume of mail and packages they can expect, what machines they’re going to need to run at which time to actually process that volume, and at some point how many people you need for each one of those machines to actually meet our service standards.

[For cyber], we’re very interested in moving from the traditional threshold of “somebody’s working after this time, they’re logged into more than one machine, they’ve moved this amount of data.” We’re starting to establish true baselines for [employees], so we come up with "risk scores" and leveraging changes in risk scores as places where we need to start doing further investigation. It’s not necessarily, "As risk score moves, we think something bad has happened," but we think, "As a risk score moves, we need to do a little further investigation" to see if maybe a credential has been compromised, or even worse, if it’s some sort of inside threat where someone’s trying to steal data from inside the environment and sell it elsewhere.

We definitely want to get to where we can establish risk scores for people . . . Do we have people that have access to that data that maybe don’t need it?

NG: How long until this system actually exists?

DH: We’re really just getting started with that type of capability. We have a lot of the data together, and we're starting to really establish those baselines and risk scores. We’re really early in that journey. We’re hoping to be there in this fiscal year, but I think that's a pretty tall order. We’ll definitely be well into that journey this fiscal year.

NG: How much will the cyberintrusion system take into account outside threats? 

DH: We already ingest threat feeds and we’ll continue to do that. We’re exploring some ideas around social media to see if there are opportunities for us to leverage social media to look for, "This looks like a group of people that are trying to do bad things, and they have a relationship to an employee here. Do we need to be worried about that or not?" 

NG: USPS has been trying to update its GPS routing system for package delivery drivers for a couple years so it adjusts in real-time to factors such as traffic. Do drivers feel undermined when a computer system tells them to change the route they've been perfecting for decades?

DH: There's definitely that kind of pushback. We do that kind of "dynamic routing" even with our carriers on the street -- we no longer just follow static routes and go to every door. Definitely people think, "I know this, I’ve been driving it for 20-30 years, my computer doesn't know that better than I do." And I think initially, that's where we have to be very, very careful. 

Because people are resistant to it, they think they do know it better. We want to make sure the [computer-generated route] really is the way to do it. 

NG: How much data do you collect on individual customers?

DH: That’s always a touchy one for people: How much do they really want people to know about what they're doing. We know an awful lot about people because we know what goes in your mailbox everyday. Do we know where you are at all times? No.

But as more and more services get offered up about notifications -- [such as], "I want to know that my package was delivered to me via text message," or now, we're even experimenting with, "I don’t want you to deliver that package to my house, I want to you deliver it to me here, where I’m going to be at that time". . . that kind of information certainly becomes available where we start to know more and more patterns.

We know what kind of stuff you're buying based on packages you receive. I don’t think that’s all that important at the individual user level, but it does become important to some of our business customers. 

We’re not going to tell them about your specific buying habits, but we're going to say, "Hey, you want to sell sporting goods, why don't you give us 1,000 of whatever you have, [maybe] a catalog . . . We'll make sure it gets in those right mailboxes." We won't risk people's information. 

NG: But you could probably make the case, for some customers, that knowing more about their habits could help USPS be more efficient in package delivery. 

DH: I think we want to go the other way, where we’ll let you tell us, if you want, where you're going to be. With a lot of the newer cars, there are digital keys. I don't think [USPS is] actually exploring this one, [but] your phone can either unlock your trunk or open a particular door. [So, maybe in the future it could be], "I don't need you to deliver to my house anymore, here's where my car is going to be, put it in my trunk."

There are some interesting cases like that. They’re not currently on our roadmap, but as that technology evolves and becomes more ubiquitous, [it] certainly becomes an opportunity for people to use that kind of service. 

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.