Authentication said key to cybersecurity

A top DHS cybersecurity adviser says authentication, metrics key to cybersecurity

The ability to authenticate computer users, devices and processes is a major part of the Homeland Security Department's emerging vision for improved computer security, a top cybersecurity official said today.

The department wants an open, standards-based cyber “ecosystem” that is securely designed, said Bruce McConnell, cybersecurity counselor to Philip Reitinger, DHS’ principal cybersecurity official.

During a breakfast discussion in Washington held by TechAmerica, McConnell said that cyber ecosystem must be supported by metrics that can help decision-makers spend their budgets more effectively.

Meanwhile, McConnell also said strong authentication is also important because it will reduce the “noise” that makes enforcing cybersecurity difficult.

In an interview after the event, McConnell added, "Better authentication reduces the complexity of the intrusion-detection problem because when legitimate entities, devices and processes are authenticated, then the universe of those that are malicious is more obvious.”

He also said the White House is developing an overall program for authentication with DHS' help.

McConnell said a digital authentication system needs to be:

  • Voluntary, but some privileges could be denied for not using it, however, no one should be required to use it.
  • Easy to use.
  • Able to support people’s multiple roles and avatars in cyberspace.
  • Adhere to the long-standing, worldwide list of fair information practices that deal with privacy.
  • Able to provide anonymity for certain actions in cyberspace that relate to areas such as free speech and political speech.

Meanwhile, the results of the Obama administration’s cybersecurity policy review, released in May, recommended the near-term development of a cybersecurity-based identity management strategy that effectively deals with privacy and civil liberties.

“We cannot improve cybersecurity without improving authentication, and identity management is not just about authenticating people. Authentication mechanisms also can help ensure that online transactions only involve trustworthy data, hardware, and software for networks and devices,” the report states.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.