It has been nearly a year since the Federal workforce had to shift to telework practically overnight. While the Federal government was already working to increase telework capabilities, COVID-19 forced agencies to modernize at warp speed. After making sure employees had the devices they need, agencies had to ensure that cybersecurity capabilities remained strong even though employees were now working on their home networks.
At an ATARC online event on Feb. 18, experts from across the Federal government discussed cybersecurity authentication changes and innovations. The panel included Joe Ramsey, Director of IT Security and CISO for the Department of Commerce’s International Trade Administration and Ross Foard, Senior Engineer for Cybersecurity Division at the Cybersecurity and Infrastructure Security Agency.
All of the panelists agreed that Personal Identity Verification (PIV) cards are the “gold standard” for identity authentication. However, multiple panelists pointed out that using PIV cards isn’t always feasible either during normal times or during the pandemic.
While Ramsey said using PIV cards is a priority for the International Trade Administration, it isn’t always doable. In those instances, Ramsey said the agency looks to follow the intent of the law, even if it is unable to follow the letter of the law. He said in those instances, the organization uses smart cards to still ensure they have multifactor authentication.
Foard stressed that COVID has forced each agency to take its own approach to achieve strong authentication based on its own situations and needs. He also stressed the importance of taking a risk management approach. Alluding to the fact that agencies may not be able to meet the gold standard for authentication, Foard said that “sometimes getting off the floor” is the short-term goal when it comes to cybersecurity.
Looking toward what could be accomplished in the next year, Ramsey focused on deploying biometrics as a larger part of identity authentication. He jokingly reminded the audience that unless cybercriminals figure out a way to steal his finger, using biometrics will keep things secure.