Cyber Security: Virtual Border Control
It seems today the virtual world is devoid of any border requirements. It is not illegal to connect to a computing resource around the globe. There are no border crossings and special permission is not required to interact with others in the virtual world. Still, the same threat exists in the virtual world as does in the physical. There are still those who would seek to hurt the U.S. through virtual attacks and try to gain access to sensitive information or take down critical infrastructure. The solution that has been implemented... build a wall. In the virtual world, this is called a firewall and is designed to keep unwanted parties from accessing protected resources or sensitive information. As in the physical world, this simply is ineffective in stopping sophisticated attackers from bypassing this line of defense.
As the cyber threat landscape evolves, so must defenses. One can no longer function in the paradigm of building a wall around data resources. Access protection needs to extend to the individual access point. In many cases this is an individual pc protected by a user name and password. Just like the wall, this protection is simply the wrong choice at keeping cyber criminals out of sensitive areas. There needs to be a shift to a stronger form of authentication based upon higher level of identity assurance. The federal government has mandated this level of identity assurance be issued to all federal employees and contractors through Homeland Security Presidential Directive 12 (HSPD-12). The mandatory use of this credential for logical access has been further enforced throughout the Department of Defense. As the PIV credentials gain a high saturation level within all federal agencies it would make sense to mandate the PIV for logical access too, thereby eliminating the username/password vulnerability altogether.
By adding this layer of defense, protecting our cyber borders is extended down to the individual access point, significantly strengthening overall security posture.
As these identity credentials have been rolled out within the federal government, it has provided a baseline by which to implement stronger multi-factor authentication methods. Practically, this means that the credential that is issued by federal employees or military personnel can also be used as the basis for accessing computer networks. This is much stronger than a user name and password combination because it requires the person attempting to gain access to use something they have (smart card based identity credential) and something they know (personal identification number or pass phrase) to gain access to the network.
By adding this layer of defense, protecting our cyber borders is extended down to the individual access point, significantly strengthening overall security posture. Notably, this example begins to looks for ways to provide this same level of identity assurance to citizens, enabling a broader scope of border protection to our virtual world.