NSC Cyber Official Seeks Unified Identity Technology – MeriTalk
Amit Mital, senior director of cybersecurity and policy at the White House National Security Council (NSC), is looking for a unified and trusted secure digital identity technology that he says has the potential to significantly reduce identity-based fraud and the success of attempted ransomware attacks.
Speaking at an event hosted by Okta on June 23, Mital said unifying themes of such technology would include interoperability, ease of use and the ability to be legally binding. The White House NSC official didn’t indicate any particular technology being developed, but he offered a list of requirements and gains.
“The question is how to link [identity technologies] for an interoperable solution,” he said. Individual identity solutions, he said, tend to be “isolated” and lead to “ever more complex password requirements”.
“We need a solution that works for all areas,” he said.
One of the defining requirements for future identity technologies is the critical need for people to present online identification that rises to the level of legality currently offered by the presentation of a driver’s license or passport. .
Mital endorsed the usefulness of multi-factor authentication schemes, saying they work well in enterprise environments, but also explained that they cause unnecessary “friction” for users because they are also time consuming.
This biggest stumbling block of user friction, he said, becomes evident when citizens try to manage their health records. The problem is particularly troublesome, he said, because Americans have an average of 17 health care “relationships” with service providers ranging from doctors to insurers. The need to prove one’s identity in this range of relationships “causes enormous friction”, he said.
“Imagine if I could prove my identification all at once” with a secure and trusted digital identity that would be “reusable in any scenario,” he said. Achieving this goal, he said, would significantly reduce credential-based fraud and ransomware attacks motivated by credential theft.