To convince government officials they should take digital identity management seriously, guidelines from the federal National Institute of Standards and Technology quote a 1993 New Yorker cartoon.
“On the internet, nobody knows you’re a dog,” the caption reads.
The NIST digital identity guidelines help to ensure that an employee or contractor "is who they claim to be,” but these rules lack widespread adoption inside the federal government, according to a new report from software company One Identity.
The survey found 41 percent of government agencies have met the federal guidelines for identity and access management, according to a Nov. 13 report. Conversely, 49 percent of federal respondents surveyed by the company said that they are “making progress” and 10 percent said their agency has either taken no steps to meet the access management rules, or simply do not plan on meeting the guidelines.
The survey interviewed 203 civilian, defense and intelligence officials with responsibility for IT security.
“One of the things the DoD folks said was that they don’t see it as a mission enabler, which kind confuses me a little bit,” Dan Conrad, the federal chief technology officer at One Identity told Fifth Domain.
Enhancing security “can be a real headache sometimes” when you add protection without offering functionality, Conrad said. “But I really thought that we actually started to socialize enough of the security aspect of identity and access management —the areas of authentication — that they would appreciate the fact people can’t impersonate them anymore.”
The Department of Defense has tried to address identity management issues in recent years. The Defense Advanced Research Projects Agency, or DARPA, has created an “active authentication program” that “seeks to develop novel ways of validating the identity of computer users by focusing on the unique aspects of individuals through software-based biometrics.”
“Just as when you touch something with your finger you leave behind a fingerprint, when you interact with technology you do so in a pattern based on how your mind processes information, leaving behind a ‘cognitive fingerprint,’” DARPA said in an description of the program.
Products that have been funded through the DARPA program include an active authentication sensor, decoys and visual analysis software.
The report comes after the U.S. government has been struck by hacks and loss of information in part because of poor identity management. Edward Snowden, the former National Security Agency contractor, used a coworker’s password during his 2013 pilfering of American secrets.
Chinese hackers infiltrated the Office of Personnel Management and stole records of roughly 22 million federal employees in 2015, but privileged access controls "would have helped detect the intrusion earlier and made it significantly more difficult for the actor to spread across the network,” according to a 2016 memo from the FBI and Department and Homeland Security obtained by the news website FCW.