Identity Authentication Key Piece of Cybersecurity Puzzle
WASHINGTON — Identity authentication is taking a front-and-center role in the administration’s approach to ensuring robust cybersecurity across the U.S. government, according to Carole House, director of cybersecurity and secure digital Innovation at the White House National Security Council.
It “sits at the heart of zero trust which was critical in the [cybersecurity executive order]…That’s critical since the federal government can no longer depend upon perimeter-based defenses to protect critical systems and data,” House said at Tuesday’s AT&T Policy Forum event, “Identity Authentication: The Next Layer of Protection in a Robust Cybersecurity Strategy.”
The cybersecurity order issued in May directed federal agencies to work towards a zero trust approach that assumes any hardware or software technology cannot be trusted. It was followed by the Office of Management and Budget releasing a draft on the federal strategy for how to accomplish the goal.
House said, “Identity also plays a key role in many other areas that the administration is pursuing – whether countering fraud or implementing beneficial ownership under the Corporate Transparency Act to counter illicit finance on corruption, or part of our resilience efforts under the counter ransomware approach for the U.S. government.
“The draft strategy points to identity being this first pillar,” which bolsters the order by helping “accelerate agencies towards a shared baseline of zero trust implementation and maturity.”
But it’s not just the federal agencies that are working towards more robust authentication and the adoption of a zero trust architecture. According to Ben Flatgard, executive director for cybersecurity at JPMorgan Chase, it is at the “core” of the financial services company’s strategy to protect its enterprise and its clients.
Flatgard, who worked as NSC’s cybersecurity director for eight years, explained that the OMB strategy focuses on identification authentication: phishing proof, multi-factor authentication, and deploying supportive technologies to these means.
Ten years ago, he added, people were not filing their mortgage and credit card applications through their phones as they are today. This “huge influx of native digital engagements” opens a door for companies like his to provide underserved communities access to credit and financial services, by “[capturing] people’s interest where they’re at and that is increasingly on the phone.”
The high volume of digital engagement has also opened the door to more cyber crimes. During the pandemic, state unemployment systems provided “hundreds of billions of dollars” in federal benefits to the states, which had no remote verification controls, said Jeremy Grant, managing director of technology business strategy at Venable.
“Organized crime immediately looked at it and made a beeline for it,” he said, causing the government to lose tens of billions of dollars.
Despite digital literacy’s importance in fostering proper cyber hygiene, expecting everyone to understand it and practice it in their everyday life may be expecting too much.
“It’s not really on the customer on the identity proofing side, it’s on industry and government to partner better together to exchange information in appropriate ways when what customers ask for it,” Flatgard said. The government and the private sector should provide the products and solutions with the safeguards already built into their design, Flatgard said, which just points back to zero trust architecture as opposed to having them download apps or figure it out themselves.
This is where public-private partnering would accelerate the zero trust build-out, Grant said. ZenKey, for example, is in the midst of a pilot project with the Department of Health and Human Services to narrow the number of requests the agency needs to send to verify one identity.
The “fragmented landscape” of all the sensitive information floating around needs to be reduced, he said, as it not only adds a layer of complexity to the user but increases the entry points for breaches. To tackle this, ZenKey allows for the portability of the user’s sensitive information regardless of whether you change phones or providers.
As the “only massively recognized authoritative issuer of identity,” the government has to “play more of a direct role” in setting the security and privacy “high bar,” Grant said, and working with the private sector to identify solutions that are also interoperable and easy to use.
In The News
WASHINGTON — The Senate Judiciary Committee approved antitrust legislation Thursday that bans Big Tech from giving a preference to their... Read More
WASHINGTON — The Senate Judiciary Committee approved antitrust legislation Thursday that bans Big Tech from giving a preference to their own products and services on their internet platforms. The American Innovation and Choice Online Act responds to criticism that Amazon, Apple, Google and Meta Platforms Inc.’s... Read More
WASHINGTON — A digital ledger of transactions known as blockchain, that can protect an individual’s identity and information, is evolving... Read More
WASHINGTON — A digital ledger of transactions known as blockchain, that can protect an individual’s identity and information, is evolving in the health care space into decentralized patient-centric platforms. “Think of blockchain as an underlying technology that supports everything. It’s a ledger of knowing what happened,... Read More
WASHINGTON — AT&T and Verizon on Tuesday agreed to delay their rollout of new 5G services near some unspecified airports... Read More
WASHINGTON — AT&T and Verizon on Tuesday agreed to delay their rollout of new 5G services near some unspecified airports over ongoing concerns that moving those services to a new band could cause flight disruptions. Debate has been raging for months over whether — and if... Read More
When April Schneider's children returned to in-person classrooms this year, she thought they were leaving behind the struggles from more... Read More
When April Schneider's children returned to in-person classrooms this year, she thought they were leaving behind the struggles from more than a year of remote learning. No more problems with borrowed tablets. No more days of missed lessons because her kids couldn't connect to their virtual... Read More
SAN FRANCISCO — Former Twitter CEO Jack Dorsey on Wednesday announced the creation of a nonprofit legal defense fund geared... Read More
SAN FRANCISCO — Former Twitter CEO Jack Dorsey on Wednesday announced the creation of a nonprofit legal defense fund geared towards defending Bitcoin developers from litigation. Dorsey announced the fund in a mailing list for Bitcoin developers and said its purpose was to aid software developers... Read More
SAN ANTONIO — Twitter content curated by its personalization algorithms amplifies the mainstream political right more than the left, according... Read More
SAN ANTONIO — Twitter content curated by its personalization algorithms amplifies the mainstream political right more than the left, according to a joint study conducted by the platform’s transparency and accountability team. Researchers undertook a large-scale experiment that analyzed millions of Twitter users, political parties in... Read More