Just over three-quarters of federal employees have enabled an extra layer of protection on their user accounts in order to fight off hackers, according to a White House cybersecurity official.
That’s nearly double the number who used it over the summer, but still means a quarter of them have yet to use the multi-factor authentication, which helps to deter hackers when passwords are compromised.
“We have managed to raise the level across the board for non-administrators to 76 percent of federal government accounts,” constituting an “increase in just two months from 40 percent,” said Michael Daniel, cybersecurity coordinator at the White House.
Inspired by the breach of the Office of Personnel Management, federal employees have taken more steps to secure their user accounts, Daniel said. “We’re almost close to 100 percent use of two-factor authentication for all our administrator accounts across the federal government,” Daniel added.
Related Story: http://www.washingtonexaminer.com/article/2573484
“It’s ridiculous in some ways that it took [the OPM breach] to move us,” Daniel observed in remarks at Google’s headquarters in Washington, D.C., as part of a speech about the evolving nature of cyberthreats. He said the United States risks losing the traditional advantages of cyberspace if cybersecurity fails to evolve at a commensurate pace.
“The same technology that has enabled us to drive enormous increases in our commerce to enable social connections across time and space … to enable research, to push the boundaries of human rights and democracy … is also a place that enables theft, it enables invasion of privacy, it enables intrusions,” Daniel said.
“It is sort of that dichotomy that we have to live with, that the technologies that enable us to do so much good also enable us to do so much harm.”
Daniel said threats are becoming more potent for several reasons, explaining that attackers had become more “industrialized” and increasingly organized. “They run it like a business,” Daniel said. “They operate on the principles of the division of labor. They’ve read Adam Smith.”
“And then you add in another piece of this, which is that the threat is becoming more frequent because nation states have figured out that they can pursue their interest in cyberspace,” he added.
He also said that potential targets for cyberattackers are proliferating. “Ten years ago,” Daniel said, attacks were “the digital equivalent of graffiti.” But as things like household items become connected to the Internet, he said, “Every piece of equipment you have will be a threat vector.”
The solution, he said, will include an end to passwords. “If we actually moved to a world where we killed the password dead as a primary method of security, we would all be much better off,” Daniel stated. “Hopefully my kids will ask me what the heck a password is the same way they ask what a rotary phone in grandma’s house is doing there.”
Researchers have been developing alternatives to passwords, which include personal USB keys and biometric technology.
“We’re in a place where if we don’t actually solve some of the vexing problems that we face … we risk the Internet and cyberspace becoming a strategic liability,” Daniel said. “That is not an outcome that we want.”
“In that context, I see the efforts that are going on here as absolutely critical to improving the overall health of our digital ecosystem,” he concluded.
