Ask someone in federal IT what zero trust means and you’re likely to hear that it’s about access control: never granting access to any system, app or network without first authenticating the user or device, even if the user is an insider. The term “Never trust; always verify” has become a common way to express the concept of zero trust, and the phrase is first on the list of the Defense Information Systems Agency’s (DISA’s) explanation.
The U.S. Army’s universal, reprogrammable encryption chip is in final testing and may be destined for the service’s next-generation encryption fill device, other military services or possibly even the commercial sector.
The REprogrammable Single Chip Universal Encryptor (RESCUE) technology was developed to be a government-owned, general-purpose cryptographic module and architecture that is highly tailorable to counter emerging cryptographic threats. It uses standardized encryption algorithms designed by the National Security Agency (NSA) and the National Institute for Standards and Technology.
The two-factor authentication schema is often heralded as the silver bullet to safeguard online accounts and the way forward to relegate authentication attacks to the history books. However, news reports of a phishing attack targeting authentication data, defeating the benefits of the protection method, have weakened confidence in the approach. Furthermore, hackers have targeted account recovery systems to reset account settings, yet again mitigating its effectiveness. Facilitating additional layers of security is crucial to bolstering user account protection and privacy today and into the future.
Cyber policy traditionally has focused more on enterprise networks than tactical systems, according to Nancy Kreidler, the Army’s new leader for the Cybersecurity and Information Assurance Directorate within the Office of the Chief Information Officer/G-6. But new initiatives emphasize cybersecurity in the tactical environment, including networks, weaponry and any other systems used by warfighters.
The secret word is out and crypto is in as government and commercial experts lay the groundwork for the next generation of identity proving and authentication. Passwords are being abandoned in favor of a range of new methods that are more secure and, in some cases, more user friendly.
Biometrics are just part of the solution. They have been paired with public key cryptography in preliminary efforts. Ultimately, the solution may emerge from an entirely new concept of identity that applies across a broad spectrum of applications.