The Changing Identity of Identity Management

A key element of the move to zero trust is the use of "strong multi-factor authentication (MFA) throughout their enterprise." While identity management has been indicated by many as the "low hanging fruit" of a zero-trust journey, it is by no means easy. In fact, recent guidance from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) called it "notoriously difficult."

Key challenges to implementing MFA include:

  • Lack of standards - the CISA/NSA guidance pointed to confusion over MFA terminology and vague policy instructions as primary challenges to implementing more secure access. A joint committee of European Union (EU) and U.S. experts addressed this same issue in the Digital Identity Mapping Exercise Report, which aimed to define specific digital identity technical terminology. For example, the group found some definitions, such as "authoritative source" and "authentication factor," are identical between the U.S. and EU, whereas others, like "identity" and "signature," remain only partially matched.
  • Phishing - bad actors do not always hack the system; they hack the process, gaining entry through social-engineering tactics that grow more sophisticated by the day. The CISA/NSA report called on the vendor community to provide MFA services with additional investments and greater defenses against sophisticated attacks.
  • Rise of Generative AI - The Department of Homeland Security (DHS) is working to ensure technologies can determine if a submitted image is legitimate or a hacker's spoof. This "liveness detection" is needed to ensure that a submitted selfie is really a photo of a person, not a mask, photo of a photo, or other technique to try to get past the check.

Continue reading

How CX Is Driving Government Modernization

Improving the "customer" experience (CX) for citizens interacting with the government has been a focus for several administrations. The reason is that better experience equals improved trust in government. It's critical that our systems live up to the promise of government for the people.

Defining the Pieces of CX

A critical part of getting experience right is understanding the different pieces that make up a customer experience. Words like "experience" and "service" are often used interchangeably when talking about CX efforts, but it is important to understand some key differentiators. Continue reading

The Lesser Known Missions of Homeland Security

The mission of the Department of Homeland Security (DHS) is widely understood, "to safeguard the American people, our homeland, and our values." However, in carrying out this mission, DHS touches a number of areas that may not seem intuitively tied to homeland defense but are nonetheless critical challenges facing the nation as well as agencies across government.

Artificial Intelligence

DHS has a key role in securing the homeland from cyber threats. The department's Cybersecurity & Infrastructure Security Agency (CISA) is the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience. With this responsibility, CISA and other DHS agencies play a key role in shaping policy and guidance around emerging technology use. Today, they are keenly focused on helping agencies safely and ethically use Artificial Intelligence (AI) to improve mission effectiveness.

DHS is leading by example. AI is currently being used to aid border-patrol efforts, combat drug trafficking, and create age-progression estimations of missing children. While implementing AI itself, DHS is also focused on how adversaries may use AI and creating ways to defend against the technology being used to spread disinformation, create more advanced cyber attacks, or speed the development of weapons. Continue reading

Department Spotlight: Department of Homeland Security

The mission of the Department of Homeland Security (DHS) may seem straightforward - protect the homeland - but in practice a lot goes into fulfilling that promise. DHS is an incredibly complex organization with a set of agencies that, while focused on the singular mission of keeping America safe, do so in incredibly diverse ways. The Department has laid out six core missions that all support the effort to secure the nation.

Recent efforts of DHS highlight their commitment to these goals. Continue reading

Strengthening Cyber Resilience With Collaboration

Today's organizations know that stopping 100% of cyber-attacks is not a realistic goal. Rather, the focus has shifted to cyber resilience, "the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources."

A critical pillar in becoming resilient is communication and collaboration. The Cyber EO focused on improving the nation's cybersecurity and highlighted the need to improve collaboration with threat intelligence sharing between public and private organizations as well as the creation of cross-government cyber boards. In recent months, key strides have been made in facilitating information sharing around cyber best practices, resource availability, as well as process and policy. Continue reading