Tag Archives: multi factor authentication

Zero Trust Passes Key Milestone

Posted on by

In January 2022, the Zero Trust Federal Strategy set a deadline of September 30, 2024, for agencies to adopt some level of zero trust architecture. Based on early indications, agencies have largely met zero-trust goals. The Federal CIO reported in early September that the 24 CFO Act agencies were all over 90% of the way to meeting the zero-trust goals. Beyond that group, the federal government as a whole was at 87% goal completion.

What's Changed?

The shift to zero trust is a response to the way government and citizens are using technology. With the increased use of cloud-based solutions, the traditional "castle and moat" security that protected on-premise infrastructure no longer supports the way applications are being deployed. Zero Trust focuses on continually verifying that users have permission to access the data and systems they are using. Gaining access requires coordination among a number of technologies that all work with a common set of user identification and access policies. Continue reading

The Changing Identity of Identity Management

Posted on by

A key element of the move to zero trust is the use of "strong multi-factor authentication (MFA) throughout their enterprise." While identity management has been indicated by many as the "low hanging fruit" of a zero-trust journey, it is by no means easy. In fact, recent guidance from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) called it "notoriously difficult."

Key challenges to implementing MFA include:

  • Lack of standards - the CISA/NSA guidance pointed to confusion over MFA terminology and vague policy instructions as primary challenges to implementing more secure access. A joint committee of European Union (EU) and U.S. experts addressed this same issue in the Digital Identity Mapping Exercise Report, which aimed to define specific digital identity technical terminology. For example, the group found some definitions, such as "authoritative source" and "authentication factor," are identical between the U.S. and EU, whereas others, like "identity" and "signature," remain only partially matched.
  • Phishing - bad actors do not always hack the system; they hack the process, gaining entry through social-engineering tactics that grow more sophisticated by the day. The CISA/NSA report called on the vendor community to provide MFA services with additional investments and greater defenses against sophisticated attacks.
  • Rise of Generative AI - The Department of Homeland Security (DHS) is working to ensure technologies can determine if a submitted image is legitimate or a hacker's spoof. This "liveness detection" is needed to ensure that a submitted selfie is really a photo of a person, not a mask, photo of a photo, or other technique to try to get past the check.

Continue reading

Beyond Facial Recognition: Growing Applications of Biometrics in Government

Posted on by

Biometrics are more than facial recognition. Biometrics include all types of biological markers that can be used for identification. Fingerprints pre-date the use of facial recognition and today the practice continues to evolve to use other biological data for a wide variety of use cases.

Tapping into wearable data for first responder safety

The Department of Homeland Security recently funded several startups that have developed innovative monitoring technologies that can be used to protect the health, safety and mental well being of police officers, firefighters, and other emergency responders. These solutions include: Continue reading

Cybersecurity Awareness Month 2022: See Yourself in Cyber

Posted on by

Since 2004, The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) have led a collaborative effort (at the direction of the President and Congress) to raise cybersecurity awareness nationally and internationally. Marking October as Cybersecurity Awareness Month, individuals and organizations are given the tools to ramp up their cybersecurity education efforts. The theme for 2022 is "See Yourself in Cyber," putting the people aspect of cybersecurity front and center.

This focus on people is two-fold. First, there is the individual and personal responsibility each of us has to understand good cyber hygiene and conduct ourselves online in a way that protects the networks we depend on. Second, there remains a huge gap in the number of cybersecurity professionals and the number of roles that need filled. The "See Yourself in Cyber" theme invites more people to see their roles and skills in a cyber light, creating a bridge across the cybersecurity skills gap. Continue reading

Facing the Future of Biometrics

Posted on by

With many of us using our faces to "open" our phones, biometric technology has become an everyday consumer technology. Capitalizing on the comfort and ease of use of facial recognition, government agencies are looking to incorporate it (and other biometric methods) into their modern cybersecurity plans and approaches but are realizing implementation in a government setting raises a host of complications.

Interest in facial recognition is strong

The U.S. Government Accountability Office (GAO) released a report in August of 2021 that detailed current and planned use of facial recognition technology by federal agencies. In a survey of 24 departments and agencies it found that 18 reported using the technology and 10 reported plans to expand their use of it. Continue reading