Bipartisan cybersecurity panel issues report recommending stronger authentication
The Commission on Enhancing National Cybersecurity, a bipartisan panel that addresses cybersecurity challenges facing government and industry, issued a new report intended for the next administration that recommends, among other things, that all Internet-based federal government services provided directly to citizens use “appropriately strong authentication.”
The 100-page ‘Report On Securing and Growing the Digital Economy’ document includes 16 recommendations and 53 related directives for both the public and private sector.
The report identified several key authentication requirements, including that all citizen-facing digital government services require strong authentication; that all private-sector organizations use strong authentication solutions as the default for major online applications; and that all federal agencies use strong authentication by their employees and contractors.
In relation to the last requirement, the commission called for “updated policies and guidance that continue to focus on increased adoption of strong authentication solutions, including but, importantly, not limited to personal identity verification (PIV) credentials.”
On a broader level, the commission’s report informed the incoming administration on the largest cybersecurity challenges.
These issues include protecting, defending and securing today’s information infrastructure and digital networks; innovating and accelerating investment for the security and growth of digital networks and the digital economy; preparing consumers to thrive in a digital age; developing cybersecurity workforce capabilities; better equipping government to function effectively and securely in the digital age; and ensuring an open, fair, competitive and secure global digital economy.
Based on the “urgency” of these cybersecurity issues, the commission emphasized that many of these actions are intended to be taken on within the first 100 days of the new administration.
The commission also recommended the next administration to require all federal agencies to use National Institute of Standards and Technology’s Cybersecurity Framework.
The report also called for incentivizing cybersecurity behaviors and actions among commercial companies, determining which organizations should develop certain urgently needed standards, establishing consensus on which organizations should determine if those standards were being met, and the feasibility of cybersecurity labeling and ratings systems.
The report noted the important role that the FIDO Alliance plays in working towards achieving strong authentication in both the private and public sector.
“Other important work that must be undertaken to overcome identity authentication challenges includes the development of open-source standards and specifications like those developed by the Fast IDentity Online (FIDO) Alliance,” highlighting how FIDO enables “delivery [of] multifactor authentication to the masses, all based on industry standard public key cryptography.”
“I am thrilled to see the commission recognize the gravity of the password problem and the important role that the FIDO Alliance plays in addressing it,” said Brett McDowell, executive director at FIDO Alliance. “With more than 250 members from across the world – including technology companies, device manufacturers, major banks and health firms, all major payment card networks, several governments and dozens of security and biometrics vendors – the FIDO Alliance has emerged as the critical force for change in creating a foundation for simpler, stronger authentication.”
“As the Commission’s report counsels, we have the opportunity to change the balance further in our favor in cyberspace – but only if we take additional bold action to do so,” President Obama said in a written statement regarding the report. “My Administration has made considerable progress in this regard over the last eight years. Now it is time for the next Administration to take up this charge and ensure that cyberspace can continue to be the driver for prosperity, innovation, and change – both in the United States and around the world.”