Fed cybersecurity report calls on Trump to address digital identity, authentication woes
03 December, 2016
category: Corporate, Digital ID, Government
One element of Obama’s Feb. 2016 Cybersecurity National Action Plan created the Commission on Enhancing National Cybersecurity. The new body’s purpose was to develop recommendations to strengthen cybersecurity in both the public and private sectors.
The commission’s 90-page report, Report on Securing and Growing the Digital Economy, was released Dec. 1. It calls on the incoming Trump administration to enact a series of initiatives within its first 100 days in light of “the urgency of the challenges facing our nation.”
The document was more direct than earlier government reports in its recognition of identity and authentication’s importance to overall cybersecurity. Citing that “a review of the major breaches over the past six years reveals that compromised identity characteristics have consistently been the main point of entry,” the report goes on to suggest that “the shared goal of both the public and private sectors should be that compromises of identity will be eliminated as a major attack vector by 2021.”
Obama commented on the report, citing accomplishments during his tenure, including:
- 35 percent-plus increase in federal cybersecurity resources in his 2017 budget
- creation of the National Institute of Standards and Technology (NIST) Cybersecurity Framework
- cybersecurity consumer awareness efforts, including the “Lock Down Your Login” campaign
- establishment of the first-ever federal Chief Information Security Officer position
- push to reduce the government’s reliance on legacy technologies, proposing a $3.1 billion fund to modernize IT systems
- creation of the Cyber Threat Intelligence Integration Center as a single government-wide source for assessing cyber threats
He asks that the Commission brief Trump’s transition team on the recommendations and urges Congress to “fully fund the urgent cybersecurity needs that my Administration has identified in my 2017 Budget and elsewhere.”
What are the recommendations?
Following an obligatory overview of the state of cybersecurity and the abundant threats, a series of six imperatives, 16 recommendations and 53 related actions are presented.
The imperatives are:
- Protect, defend, and secure today’s information infrastructure and digital networks
- Innovate and accelerate investment for the security and growth of digital networks and the digital economy
- Prepare consumers to thrive in a digital age
- Build cybersecurity workforce capabilities
- Better equip government to function effectively and securely in the digital age
- Ensure an open, fair, competitive, and secure global digital economy
1. Protect, defend, and secure today’s information infrastructure and digital networks
- Recommendation 1.1: The private sector and the Administration should collaborate on a roadmap for improving the security of digital networks, in particular by achieving robustness against denial-of-service, spoofing, and other attacks on users and the nation’s network infrastructure.
- Recommendation 1.2: As our cyber and physical worlds increasingly converge, the federal government should work closely with the private sector to define and implement a new model for how to defend and secure this infrastructure.
- Recommendation 1.3: The next Administration should launch a national public–private initiative to achieve major security and privacy improvements by increasing the use of strong authentication to improve identity management.
- Recommendation 1.4: The next Administration should build on the success of the Cybersecurity Framework to reduce risk, both within and outside of critical infrastructure, by actively working to sustain and increase use of the Framework.
- Recommendation 1.5: The next Administration should develop concrete efforts to support and strengthen the cybersecurity of small and medium-sized businesses (SMBs).
2. Innovate and accelerate investment for the security and growth of digital networks and the digital economy
- Recommendation 2.1: The federal government and private sector partners must join forces rapidly and purposefully to improve the security of the Internet of Things (IoT).
- Recommendation 2.2: The federal government should make the development of usable, affordable, inherently secure, defensible, and resilient/recoverable systems its top priority for cybersecurity research and development (R&D) as a part of the overall R&D agenda.
3. Prepare consumers to thrive in a digital age
- Recommendation 3.1: Business leaders in the information technology and communications sectors need to work with consumer organizations and the Federal Trade Commission (FTC) to provide consumers with better information so that they can make informed decisions when purchasing and using connected products and services.
- Recommendation 3.2: The federal government should establish, strengthen, and broaden investments in research programs to improve the cybersecurity and usability of consumer products and digital technologies through greater understanding of human behaviors and their interactions with the Internet of Things (IoT) and other connected technologies.
4. Build cybersecurity workforce capabilities
- Recommendation 4.1: The nation should proactively address workforce gaps through capacity building, while simultaneously investing in innovations—such as automation, machine learning, and artificial intelligence—that will redistribute the future required workforce.
5. Better equip government to function effectively and securely in the digital age
- Recommendation 5.1: The federal government should take advantage of its ability to share components of the information technology (IT) infrastructure by consolidating basic network operations.
- Recommendation 5.2: The President and Congress should promote technology adoption and accelerate the pace at which technology is refreshed within the federal sector.
- Recommendation 5.3: Move federal agencies from a cybersecurity requirements management approach to one based on enterprise risk management (ERM).
- Recommendation 5.4: The federal government should better match cybersecurity responsibilities with the structure of and positions in the Executive Office of the President.
- Recommendation 5.5: Government at all levels must clarify its cybersecurity mission responsibilities across departments and agencies to protect and defend against, respond to and recover from cyber incidents.
6. Ensure an open, fair, competitive, and secure global digital economy
- Recommendation 6.1: The Administration should encourage and actively coordinate with the international community in creating and harmonizing cybersecurity policies and practices and common international agreements on cybersecurity law and global norms of behavior.
Read the full report here.