Identity Authentication Key Piece of Cybersecurity Puzzle
WASHINGTON — Identity authentication is taking a front-and-center role in the administration’s approach to ensuring robust cybersecurity across the U.S. government, according to Carole House, director of cybersecurity and secure digital Innovation at the White House National Security Council.
It “sits at the heart of zero trust which was critical in the [cybersecurity executive order]…That’s critical since the federal government can no longer depend upon perimeter-based defenses to protect critical systems and data,” House said at Tuesday’s AT&T Policy Forum event, “Identity Authentication: The Next Layer of Protection in a Robust Cybersecurity Strategy.”
The cybersecurity order issued in May directed federal agencies to work towards a zero trust approach that assumes any hardware or software technology cannot be trusted. It was followed by the Office of Management and Budget releasing a draft on the federal strategy for how to accomplish the goal.
House said, “Identity also plays a key role in many other areas that the administration is pursuing – whether countering fraud or implementing beneficial ownership under the Corporate Transparency Act to counter illicit finance on corruption, or part of our resilience efforts under the counter ransomware approach for the U.S. government.
“The draft strategy points to identity being this first pillar,” which bolsters the order by helping “accelerate agencies towards a shared baseline of zero trust implementation and maturity.”
But it’s not just the federal agencies that are working towards more robust authentication and the adoption of a zero trust architecture. According to Ben Flatgard, executive director for cybersecurity at JPMorgan Chase, it is at the “core” of the financial services company’s strategy to protect its enterprise and its clients.
Flatgard, who worked as NSC’s cybersecurity director for eight years, explained that the OMB strategy focuses on identification authentication: phishing proof, multi-factor authentication, and deploying supportive technologies to these means.
Ten years ago, he added, people were not filing their mortgage and credit card applications through their phones as they are today. This “huge influx of native digital engagements” opens a door for companies like his to provide underserved communities access to credit and financial services, by “[capturing] people’s interest where they’re at and that is increasingly on the phone.”
The high volume of digital engagement has also opened the door to more cyber crimes. During the pandemic, state unemployment systems provided “hundreds of billions of dollars” in federal benefits to the states, which had no remote verification controls, said Jeremy Grant, managing director of technology business strategy at Venable.
“Organized crime immediately looked at it and made a beeline for it,” he said, causing the government to lose tens of billions of dollars.
Despite digital literacy’s importance in fostering proper cyber hygiene, expecting everyone to understand it and practice it in their everyday life may be expecting too much.
“It’s not really on the customer on the identity proofing side, it’s on industry and government to partner better together to exchange information in appropriate ways when what customers ask for it,” Flatgard said. The government and the private sector should provide the products and solutions with the safeguards already built into their design, Flatgard said, which just points back to zero trust architecture as opposed to having them download apps or figure it out themselves.
This is where public-private partnering would accelerate the zero trust build-out, Grant said. ZenKey, for example, is in the midst of a pilot project with the Department of Health and Human Services to narrow the number of requests the agency needs to send to verify one identity.
The “fragmented landscape” of all the sensitive information floating around needs to be reduced, he said, as it not only adds a layer of complexity to the user but increases the entry points for breaches. To tackle this, ZenKey allows for the portability of the user’s sensitive information regardless of whether you change phones or providers.
As the “only massively recognized authoritative issuer of identity,” the government has to “play more of a direct role” in setting the security and privacy “high bar,” Grant said, and working with the private sector to identify solutions that are also interoperable and easy to use.
In The News
The Federal Trade Commission should work with the U.S. Congress on drafting a comprehensive federal privacy law, instead of using... Read More
There was a time when 3D holographic communications was a fantasy; something depicted in George Lucas’s “Star Wars” movies but... Read More
There was a time when 3D holographic communications was a fantasy; something depicted in George Lucas’s “Star Wars” movies but far from everyday. However, “what was once science fiction is now becoming reality,” said Andre Fuetsch, chief technology officer of AT&T, on Monday. Speaking at the... Read More
WASHINGTON -- The foundations of what could prove to be the next great innovations in climate change prevention technology were... Read More
WASHINGTON -- The foundations of what could prove to be the next great innovations in climate change prevention technology were laid out and dissected during a Brookings Institution webinar this week. Sanjay Patnaik, director of Brookings Center on Regulation and Markets, hosted a virtual discussion on... Read More
WASHINGTON -- If everyone were to employ proper cyber hygiene like multi-factor authentication or not clicking on links in phishing... Read More
WASHINGTON -- If everyone were to employ proper cyber hygiene like multi-factor authentication or not clicking on links in phishing emails, more than 85% of cyberattacks would be prevented, said Sen. Angus King, I-Maine, Thursday. “The best hack is the one that doesn’t happen,” King said... Read More
Social entrepreneurship uses technology to bridge the gap between “cash-strapped” municipalities and local governments, said Gabriella Wong, CEO and founder... Read More
Social entrepreneurship uses technology to bridge the gap between “cash-strapped” municipalities and local governments, said Gabriella Wong, CEO and founder of AccesSOS, Tuesday. Wong’s comment came during the Camelback Venture’s Guardian Summit panel discussion where she was joined by two other socially-driven app founders and executives... Read More
WASHINGTON -- The Federal Communications Commission is poised to consider an application from Boeing to launch and run an array... Read More
WASHINGTON -- The Federal Communications Commission is poised to consider an application from Boeing to launch and run an array of broadband satellites. Acting FCC chair Jessica Rosenworcel circulated a proposal for voting on Boeing’s application last week. Industry watchers have said the fact Rosenworcel went... Read More