US National Cybersecurity Strategy: What It Means for Digital Identity
Increased government regulation makes the combination of Identity Governance and Administration and Identity Access Management essential to success
The Biden-Harris Administration recently released its National Cybersecurity Strategy outlining how it will address rapidly evolving cyberthreats and secure the promise of our digital future. As the world becomes increasingly digital with the nation's most relied upon resources all connected, this strategy marks an important step in our nation's efforts to become more secure.
Until now, the U.S. government has viewed cybersecurity as voluntary. The White House's strategy demonstrates that it has shifted to viewing these cybersecurity policies as mandatory because attackers continue to have the upper hand when it comes to cybercrime and fraud.
The main focus of the National Cybersecurity Strategy is to defend our Nation's critical infrastructure, which is vital for the health and wellbeing of the American people, as well as essential services that keep our economy moving. Most notably, the strategy identifies the need for industry and government to work together, saying we "must drive effective and equitable collaboration to correct market failures, minimize the harms from cyber incidents to society's most vulnerable, and defend our shared digital ecosystem." These collaborative efforts will allow crucial updates to occur, and in turn, greatly improve the resilience of our essential services, protecting us from catastrophic cyber interference.
But what else will this cybersecurity strategy mean for government entities, IT leaders, and citizens?
- Increased security is a necessary step of government regulation. This has been needed for quite some time to protect the interests of the American people.
- States will need to pass legislation that mandates a centralized citizen framework to reduce fraud. As the framework is created, legacy authentication methodologies need to be replaced.
- We need to work cooperatively with governments around the world to create a secure and free digital ecosystem. While the strategy accurately identifies the need to protect the interests of the American people, the digital ecosystem is global - meaning worldwide collaboration is necessary.
The challenges identified by the White House have highlighted that government entities and organizations alike need more mature, scalable identity solutions that can be deployed quickly and flexibly to any necessary environment. The ability to have standard processing for proofing, authenticating, and authorizing Identities and non-person entities (NPE) is key to the Zero Trust architecture, which will quickly advance the availability of new standards to support and enable the most disadvantaged populations.
To best support this new strategy, organizations and leaders can take the actionable steps below to ensure compliance:
- Stop using old authentication methodologies. This includes knowledge-based authentication (KBA) like passwords and Social Security Numbers that open organizations up to increased cyber risk. Removing these authentication methodologies strengthens security and reduces the risk of costly breaches.
- Legacy systems take time to modernize. Beginning the process of implementing new security infrastructure and applications is often intimidating, and knowing where to begin is half the battle. Selecting a governance solution with strong journey orchestration capabilities helps organizations design and implement new solutions at their own pace - without it being an "all or nothing" experience.
- Consider enterprise grade governance solutions. Governance solutions that converge Access Management with Identity Governance help enterprises gain efficiencies, meet compliance regulations and increase cost savings with the ability to manage, secure, and govern identities throughout their entire lifecycle.
- Put AI (and Zero Trust) to work. Advancements in AI have made it possible for better threat detection, particularly in areas around Zero Trust. Seeking out tech partners who offer this can support the White House's initiative to modernize networks and update the Federal incident response policy.
- Prioritize explicit consent & proper data management practices. Many leaders have already made steps in the right direction with the adoption of phishing-resistant authentication technologies like passkeys, but the White House's emphasis on promoting privacy and security of personal data means securing explicit consent from users and minimizing the amount of personal data stored on individuals will be critical to complying.
While the National CyberSecurity Strategy is a great place to start, it will take some time for it to come to life. U.S. federal departments and agencies, state and local governments, and private industry verticals must develop action plans, which White House funding has committed to support to help accelerate. Additionally, governance and compliance challenges associated with the growth of the hybrid workforce, employee job changes and increasing adoption of cloud-based applications and services is proving to be difficult for organizations, often resulting in increased costs and security risk. Identity Governance and Administration will be key to organizations supporting the new National Cybersecurity Strategy, and managing all identities, both for workforce and consumer, from a single comprehensive identity platform.
ForgeRock is ready to support and enable our government and private sector customers as they implement the directions outlined in this new strategy. We look forward to the innovation that will occur as a result of these efforts. Together, we can create a more secure digital future.