Authentication said key to cybersecurity

A top DHS cybersecurity adviser says authentication, metrics key to cybersecurity

The ability to authenticate computer users, devices and processes is a major part of the Homeland Security Department's emerging vision for improved computer security, a top cybersecurity official said today.

The department wants an open, standards-based cyber “ecosystem” that is securely designed, said Bruce McConnell, cybersecurity counselor to Philip Reitinger, DHS’ principal cybersecurity official.

During a breakfast discussion in Washington held by TechAmerica, McConnell said that cyber ecosystem must be supported by metrics that can help decision-makers spend their budgets more effectively.

Meanwhile, McConnell also said strong authentication is also important because it will reduce the “noise” that makes enforcing cybersecurity difficult.

In an interview after the event, McConnell added, "Better authentication reduces the complexity of the intrusion-detection problem because when legitimate entities, devices and processes are authenticated, then the universe of those that are malicious is more obvious.”

He also said the White House is developing an overall program for authentication with DHS' help.

McConnell said a digital authentication system needs to be:

  • Voluntary, but some privileges could be denied for not using it, however, no one should be required to use it.
  • Easy to use.
  • Able to support people’s multiple roles and avatars in cyberspace.
  • Adhere to the long-standing, worldwide list of fair information practices that deal with privacy.
  • Able to provide anonymity for certain actions in cyberspace that relate to areas such as free speech and political speech.

Meanwhile, the results of the Obama administration’s cybersecurity policy review, released in May, recommended the near-term development of a cybersecurity-based identity management strategy that effectively deals with privacy and civil liberties.

“We cannot improve cybersecurity without improving authentication, and identity management is not just about authenticating people. Authentication mechanisms also can help ensure that online transactions only involve trustworthy data, hardware, and software for networks and devices,” the report states.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.