
Obama: beyond passwords

by Mark Rowe

Americans should move beyond just the password and use multiple factors of authentication when logging in to online accounts. That’s according to a ‘Cybersecurity National Action Plan’ from the White House.

The plan speaks of how Americans ought to judiciously combine a strong password with a fingerprint or a single-use code delivered in a text message, to make accounts more secure. Such multi-factor authentication will be part of a US National Cybersecurity Awareness Campaign aimed at consumers by the National Cyber Security Alliance. That alliance will include such cyber names as Google, Facebook, Dropbox, Microsoft, Visa and PayPal.

Also proposed by President Obama is a Commission on Enhancing National Cybersecurity, for business and technical thinkers outside the US government to make ‘critical recommendations’ on privacy protection and cyber safety. The White House also proposes a $3.1 billion Information Technology Modernization Fund and a new Federal Chief Information Security Officer to update the federal government’s IT. And Obama is budgeting more than $19 billion for cybersecurity, a rise of 35 percent from the previous year. Inside the US government, Obama wants agencies to identify and prioritise their highest value and most at-risk IT assets and take cyber security steps. The US government plans to make more hires in cybersecurity; offer scholarships for Americans who wish to obtain cybersecurity education and serve their country in the civilian Federal government; and offer student loan forgiveness for cybersecurity people joining the Federal workforce.

The Federal Trade Commission recently relaunched IdentityTheft.Gov, for victims to report identity theft, create a ‘personal recovery plan’, and print pre-filled letters and forms to send to credit bureaus, businesses, and debt collectors.

Comment

Jason Andrew, GM and VP EMEA, BMC Software, said: “We live in the age of ‘cyber warfare’. Today’s most sophisticated hackers don’t just have the power to steal confidential credit card details or email addresses at the click of a button, but many can hack into a country’s critical national infrastructure, infiltrate the emails of a large corporation, or even break into the highly confidential information of government departments. The threat is here today, and there is too much to lose if global governments are not prepared for the new era of ‘cyber warfare.’ President Obama’s welcoming of a new cyber security initiative to increase the security of the federal government’s IT infrastructure should be welcomed with open arms by public and private sector decision makers. Furthermore, businesses and governments across the world should take this as a call to action to safeguard data in the interest of protecting employees, and in the wider interest of national security. Taking inventory of hardware and software to close loose ends, install the latest upgrades and security updates, and ensure compliance are vital first steps to optimising and securing digital enterprises and governments.

“In the UK, the public sector is making strong inroads in undergoing a digital transformation, with many government departments moving formerly paper-intensive processes into faster, more efficient digital processes. The key now is to take this one step further, as with the increase in online services comes an added responsibility to safeguard the deluge of customer and employee data that will be processed and stored. Robust cyber security measures and protocols must be implemented throughout various public sector departments, to ensure staff are fully trained on how to deal with data breaches, and that preventative measures are put in place to mitigate the damage when a data breach does occur.”

US breaches

What the White House did not say was that the US government has been embarrassed by various cyber breaches. For instance, the US taxman, the Internal Revenue Service (IRS), reported that identity thieves, using personal data stolen elsewhere outside the IRS, used malware in an attempt to generate E-file PINs for stolen social security numbers.

Lisa Baergen, manager at NuData Security, commented: “It is disappointing that the IRS’ Get Transcript Tool has once again been used by hackers in the run up to tax season, and their success rate was shocking. Last year the same tool was used to gain information on American citizens in order to submit fraudulent tax returns. This year the same tool has been leveraged to obtain the very Identity Protection PINs that were lauded last year as a way for taxpayers to protect their accounts and private information. What did the hackers use in their automated attack? Just the name, address, date of birth and Social Security Number – and thanks to countless breaches, some even at the highest levels of the American government, this information is not hard to find. If the data is out there, it will be used. Why are we making it easier for hackers? So long as key security measures rely on easily obtained, personally identifying information, this will keep happening. We have to devalue that cheap, easy to come by data and approach authentication in an entirely new way or these headlines will keep appearing every spring.”


© 2024 Professional Security Magazine. All rights reserved.
