Authentication said key to cybersecurity

A top DHS cybersecurity adviser says authentication, metrics key to cybersecurity

The ability to authenticate computer users, devices and processes is a major part of the Homeland Security Department's emerging vision for improved computer security, a top cybersecurity official said today.

The department wants an open, standards-based cyber “ecosystem” that is securely designed, said Bruce McConnell, cybersecurity counselor to Philip Reitinger, DHS’ principal cybersecurity official.

During a breakfast discussion in Washington held by TechAmerica, McConnell said that cyber ecosystem must be supported by metrics that can help decision-makers spend their budgets more effectively.

Meanwhile, McConnell also said strong authentication is also important because it will reduce the “noise” that makes enforcing cybersecurity difficult.

In an interview after the event, McConnell added, "Better authentication reduces the complexity of the intrusion-detection problem because when legitimate entities, devices and processes are authenticated, then the universe of those that are malicious is more obvious.”

He also said the White House is developing an overall program for authentication with DHS' help.

McConnell said a digital authentication system needs to be:

  • Voluntary, but some privileges could be denied for not using it, however, no one should be required to use it.
  • Easy to use.
  • Able to support people’s multiple roles and avatars in cyberspace.
  • Adhere to the long-standing, worldwide list of fair information practices that deal with privacy.
  • Able to provide anonymity for certain actions in cyberspace that relate to areas such as free speech and political speech.

Meanwhile, the results of the Obama administration’s cybersecurity policy review, released in May, recommended the near-term development of a cybersecurity-based identity management strategy that effectively deals with privacy and civil liberties.

“We cannot improve cybersecurity without improving authentication, and identity management is not just about authenticating people. Authentication mechanisms also can help ensure that online transactions only involve trustworthy data, hardware, and software for networks and devices,” the report states.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.