Last year was a banner year for cyber fraud. In just the first six months of 2019, more than 3,800 breaches exposed 4.1 billion records, with 3.2 billion of those records exposed by just eight breaches. The scale of last year’s data breaches underscores the fact that identity has become the currency of the digital world and data is the fuel that powers the digital economy. What’s also clear looking back on 2019 is that digital identities are continually being compromised on multiple levels.
For U.S. intelligence agencies, identity is all about “trying to find bad guys,” said Kathleen Lane, the identity intelligence executive for the Office of the National Director of Intelligence.
In a rare public appearance at the AFCEA International Federal Identity Forum and Expo in Tampa, Florida, Lane explained that her attendance was part of a push by ODNI to be more transparent about the increasing U.S. use of identity intelligence.
There’s a new federal player on the field in the identity security game—the U.S. Treasury’s anti-money laundering and financial intelligence office, the Financial Crimes Enforcement Network known as FinCEN.
“Many of you may not know what we do,” FinCEN Director Kenneth Blanco told AFCEA International’s Federal ID Forum and Expo Tuesday, explaining that FinCEN was the regulatory agency that administers the Bank Secrecy Act—the primary federal law against terror financing and money laundering—and at the same time the principal financial intelligence agency for the U.S. government, providing access to its database of 30 million financial records to law enforcement agencies, regulators and foreign allies.
To guard America’s borders against a lengthening list of threats, the new interagency National Vetting Center (NVC) is flipping the script on watchlisting, officials said Monday.
Instead of compiling lists of individuals believed linked to terrorism or some other threat, the NVC is figuring out how to leverage all the information held by U.S. government agencies about any individual applying for entry to the country, the center’s director, Monte Hawkins, told AFCEA International’s Federal Identity Forum and Expo in Tampa, Florida.
The secret word is out and crypto is in as government and commercial experts lay the groundwork for the next generation of identity proving and authentication. Passwords are being abandoned in favor of a range of new methods that are more secure and, in some cases, more user friendly.
Biometrics are just part of the solution. They have been paired with public key cryptography in preliminary efforts. Ultimately, the solution may emerge from an entirely new concept of identity that applies across a broad spectrum of applications.
Some people worry that artificial intelligence will steal their jobs, but machine learning algorithms now generate images of fake fingerprints that match the prints of one in five people on the planet. Other biometric identification systems, such as face and iris recognition, may also be vulnerable. The capability puts the mobile device industry on notice that current biometric authentication systems may not be adequate for securing cell phones and other devices.
Powered by recent advances in artificial intelligence and machine learning, long-hyped technologies such as facial recognition and behavioral biometrics are promising frictionless identity authentication. In the near future, people will be able prove who they are without even trying and sometimes without even knowing they’re doing it.
|Patrick Grother is a computer scientist with the NIST Information Technology Laboratory, in charge of the biometric portion of the FIPS 201 update.|