Identity protection is an overdue government mission
- By Mark Forman, Bill Searcy
- Sep 21, 2017
In the United States, levels of anxiety and fear over digital security are on the rise. According to the latest Unisys Security Index worldwide survey, 68 percent of Americans are highly concerned about cyber and physical security -- up by nearly half in the past two years.
This survey, which gauges levels of security concern in 13 countries, shows people understand the importance of both cyber and physical security. The data also shows people are less and less trusting of the institutions -- including government -- responsible for security of their financial and physical well-being. Of particular interest to government is that younger people (up to 35 years old) register a higher level of fear about cybersecurity than do older Americans. That is, those who tend to make the most use of the digital economy are most worried about it and, in particular, about the ability to protect their identities.
So what should come next for government? First, government must protect the data it holds. Here are our recommendations:
- Strengthen the IT architecture at all levels of government. This move is strongly encouraged under the May 2017 White House executive order. Federal agencies must accelerate progress. Encryption of data and interactions should become the norm. If the government is to better foster security and information sharing, it must become a far more trustworthy and privacy-respecting repository -- one no longer characterized by breaches like the 2015 Office of Personnel Management hack.
- More states should emulate California, whose legislature last year passed a series of measures compelling the administration to better safeguard state systems. After all, state systems, no less than federal, contain petabytes of corporate, business and personal data. Moreover, much federal data in fact originates at the state and local levels, and information is only as secure as the weakest point of access.
- At the municipal level, cybersecurity policy and action can be more strongly tailored to the local “flavor.” While some cities are adopting cyber policies, there is much work to be done. Cities are on the path to deploying millions, and soon billions, of sensors, cameras and other internet-of-things devices. Few are encrypted or otherwise protected, so cities are major targets for ransomware, as shown in the attack on the Washington, D.C., surveillance camera system just prior to the January 2017 inauguration.
Second, the survey identified a new and growing gap in cybersecurity policy, namely identity. The large concern among those aged 35 and younger requires policy makers to initiate a national dialog about individual security and the need for identity protection. System-by-system passwords still rule the day, with a driver’s license or credit card chip being a basic authentication for commerce. In the digital economy, people can no longer protect themselves by hiding passwords and holding on to their wallets.
In many countries, from the United Kingdom to India, work is underway to create a government-certified national identity system that provides the type of security not possible under the current patchwork. While the U.S. experiments with Commerce Department’s National Strategy for Trusted Identities in Cyberspace, other countries are installing solutions to stop identity theft. India is deploying a combination policy and technology framework where more than a billion people now have a unique digital ID tied to more than one biometric. Even as it continues to refine the privacy implications of the system, India has already realized economic and personal security benefits. One quarter billion citizens are using banks for the first time.
Security of its citizens has always been a primary function of government, and agencies have indeed responded on many fronts, both cyber and physical. What the survey data makes clear is that people understand that no matter how many firewalls or security patches might be in place, identities keep getting stolen by the millions.
In short, governments across America now need a more robust approach to provide secure digital identities for their own operations and for the citizens they serve.
While government and the economy at large grow more mobile and digital, threats are also increasing. Americans fear for their security. It’s time to address those threats with stronger action to protect everyone’s identity.
Mark Forman, former federal CIO for the George W. Bush administration, is global head of Public Sector at Unisys.
Bill Searcy, a former deputy assistant director at the FBI, is vice president for Global Justice, Law Enforcement, and Border Security Solutions at Unisys.