Treasury Secretary Steven Mnuchin called out private sector innovation, government support, public-private partnerships and decentralization such as the National Strategy for Trusted Identities in Cyberspace when speaking about authentication inadequacies, particularly for financial services.
“The federal government is tech neutral,” Mnuchin said in his comments at the Federal Identity Forum & Exposition in Washington.
Despite the federal government being a major deployer of secure ID technology and a key mark for online fraud, it shouldn’t develop solutions to guard an increasingly intricate global financial environment, Mnuchin explained. He recommended that the government continue partnering with the industry for resolutions to the cybersecurity issues.
Mnuchin pointed to government efforts such as the National Institute of Standards and Technologies’ NSTIC, which funds pilot projects by commercial companies and researchers to develop secure identity solutions.
“We’ve seen great innovations through public-private partnerships like the emergence of FIDO authentication — where major firms in IT, software, device manufacturers, banking, health care and security have partnered with government, NIST in particular – to deliver on this vision,” Mnuchin said.
The Fast IDentity Online (FIDO) Alliance, an open industry association of more than 250 organizations, created an open standards-based approach for authentication that it says is easier and much more secure than passwords and one-time passwords. Organizations complying with FIDO specifications deliver secure authentication technology including mobile phones, USB keys, near-field communications, Bluetooth low energy devices and wearables.
Additional quotes and points from Mnuchin from the address included the following:
- “Solving identity is key to enabling financial inclusion and to banking the unbanked – identity is the rails that financial services runs on.”
- Identity proofing, binding and authentication must provide security in a way that’s respectful of privacy. They also must be easy for consumers to use – layering passwords on top of passwords just overwhelms consumers and complicates their lives.
- “We’ve seen great innovations through public-private partnerships like the emergence of FIDO authentication – where major firms in IT, software, device manufacturers, banking, health care and security have partnered with government (NIST) to deliver on this vision.”
- “With these commitments from that industry, we’re at the point where it will be hard for a consumer to buy a device or launch a browser that doesn’t support strong authentication out of the box.”
Brett McDowell, executive director of the FIDO Alliance, commented on Secretary Mnuchin’s address: “I applaud Secretary Mnuchin and the administration for recognizing the role, responsibility and opportunity for industry, and the FIDO Alliance and FIDO standards, to play in improving the identity ecosystem and the overall security of American citizens. It’s refreshing to see how cybersecurity has not been politicized by this administration; the Secretary’s references to the importance of NSTIC, launched by the previous administration, is a good example of how the administration views government as playing a supporting role to private sector innovation.”
The Commission on Enhancing National Security delivered a detailed cybersecurity plan earlier this year in a 100-page “Report on Securing and Growing the Digital Economy.” NIST maintained, “Our reliance on passwords presents a tempting target for malicious actors. Consequently, we are making it too easy for those who seek to do harm, whether they be nation-states, well-organized criminal groups or online thieves.”
