White House: ‘Significant progress’ made on user authentication during sprint
A number of federal agencies have greatly increased their use of strong authentication measures for network users in the wake of the Obama administration’s 30-Day Cybersecurity Sprint.
According to a blog post by U.S. Chief Information Officer Tony Scott, “significant progress” has been made in increasing the use of personal identity verification cards or other forms of strong authentication at federal civilian agencies.
According to Scott, there has been a 30 percent increase (from 42 to 72 percent) in the use of authentication for privileged and unprivileged users. Privileged users saw a 40 percent jump (from 33 to 75 percent) since agencies last reported their quarterly data on Performance.gov.
Thirteen agencies, including the departments of Transportation, Veterans Affairs and the Interior, now also have deployed strong authentication for 95 percent of privileged users.
Tightening user privileges was one of the key directives of the cybersecurity sprint, issued in the wake of the hack at the Office of Personnel Management that saw data stolen on more than 22 million current and federal employees, and federal background check investigation applicants.
Scott wrote in the blog post that a team of 100 experts from across the government and private industry are now leading a review of the information gathered from the sprint, using their findings to craft the federal Cybersecurity Sprint Strategy and Implementation Plan. The plan will be released in the coming months.
“While these statistics are just a few examples of a marked improvement in identifying and closing the gaps in the Federal cyber infrastructure, we still have more work to do,” Scott wrote. “Malicious actors aren’t slowing down. As their efforts become more sophisticated, frequent, and impactful, so must ours. Although the sprint may have come to a conclusion, it is only one leg of a marathon to build upon progress made, identify challenges and continuously strengthen our defenses.”
Scott also calls on Congress to help the government meet its cybersecurity needs, mainly by lifting sequestration and passing legislation. The Senate has been weighing whether to take up the Cybersecurity Information Sharing Act, which could see a vote as early as next week or as late as the fall.
“Let me be clear: there are no one-shot silver bullets,” Scott wrote. “Cyber threats cannot be eliminated entirely, but they can be managed much more effectively. We can best do this by aligning and focusing our efforts, by properly funding necessary cyber investments, by building strong partnerships across government and industry and by drawing on the best ideas and talent from across the country to tackle this quintessential problem of the 21st century.”
Read the full blog on the White House’s website.