The Federal Emergency Management Agency (FEMA) has come long way in its efforts to creatin identity protection programs that allow it to better collaborate with local and state governments, the agency’s top network security official said this week.
Dr. Gregory Edwards, chief information security officer (CISO) at FEMA, discussed at an August 15 Nextgov/FCW event some of the actions the agency has been taking to advance identity protection when it comes to allowing local officials across the country to quickly identify themselves and use FEMA applications.
“We all in the Federal government … have identity cards, known as common access cards,” he said. “But when we extended ourselves to the edge, we started operating with the states and local tribes and territories, and we had to extend them privileges so that we could collaborate about the disasters and the activities occurring within the state.”
“That remained a weakness that was impacting our mission … so, we started with acquiring some funds to be able to seed the equipment that would allow the states and local governments to begin to build their own identity services,” Edwards said.
Since then, local officials have been able to “authenticate themselves in a protected and in an assured manner to us, and then have that secure communications to the applications to get things like individual assistance and to apply for a grants or other types of services,” the CISO said.
The need for better authentication comes as one of the key pillars of the zero-trust architecture that FEMA is adopting to better protect the agency from hackers attempting to thwart identity-based defenses. A reportreleased earlier this month found that 80 percent of breaches of government agencies and private entities used “compromised identities” to infiltrate and bypass security.
“The center for cybersecurity for us, is our identity pillar, it is where we’ve started and we’re also doing other things in zero trust across the five pillars,” Edwards said.