Authentication said key to cybersecurity

The ability to authenticate computer users, devices and processes is a major part of the Homeland Security Department's emerging vision for improved computer security, a top cybersecurity official said today.

The department wants an open, standards-based cyber “ecosystem” that is securely designed, said Bruce McConnell, cybersecurity counselor to Philip Reitinger, DHS’ principal cybersecurity official.

During a breakfast discussion in Washington held by TechAmerica, McConnell said that cyber ecosystem must be supported by metrics that can help decision-makers spend their budgets more effectively.

Meanwhile, McConnell also said strong authentication is also important because it will reduce the “noise” that makes enforcing cybersecurity difficult.

In an interview after the event, McConnell added, "Better authentication reduces the complexity of the intrusion-detection problem because when legitimate entities, devices and processes are authenticated, then the universe of those that are malicious is more obvious.”

He also said the White House is developing an overall program for authentication with DHS' help.

McConnell said a digital authentication system needs to be:

• Voluntary, but some privileges could be denied for not using it, however, no one should be required to use it.
• Easy to use.
• Able to support people’s multiple roles and avatars in cyberspace.
• Adhere to the long-standing, worldwide list of fair information practices that deal with privacy.
• Able to provide anonymity for certain actions in cyberspace that relate to areas such as free speech and political speech.

Meanwhile, the results of the Obama administration’s cybersecurity policy review, released in May, recommended the near-term development of a cybersecurity-based identity management strategy that effectively deals with privacy and civil liberties.

“We cannot improve cybersecurity without improving authentication, and identity management is not just about authenticating people. Authentication mechanisms also can help ensure that online transactions only involve trustworthy data, hardware, and software for networks and devices,” the report states.