KNOW Identity Forum: Cybersecurity and Government Edition
On September 4, 2019, we hosted our second KNOW Identity Forum in Washington, DC! We appreciate the diverse crowd of public and private sector security professionals who turned out for the event and helped make it a great evening. We learned a lot about the relationship between the Federal Government and cyber initiatives from experts across the identity, cybersecurity, and privacy field. For those who could not attend, here are a few key takeaways that emerged from the Forum stage last week.
The Identity Community is Stronger Together
The evening started with a live State of Identity podcast, hosted by Cameron D’Ambrosi, OWI’s Principal Analyst. Jeremy Grant, Managing Director of Venable LLC, and Nishant Kaushik, Chief Technology Officer of Uniken, joined as guests to discuss their work with the Better Identity Coalition.
The Better Identity Coalition is dedicated to working alongside policymakers to improve digital privacy and security. Members include household names such as Discover, MasterCard, and Wells Fargo. To kick-off the podcast, Nishant announced Uniken as the newest coalition member and gave the audience a behind-the-scenes look into Uniken’s decision to come onboard, underscoring the importance of collaboration and government participation in digital identity solutions.
Government’s Role in the Identity Transformation
Government-issued IDs are currently the foundation for how we prove identity, both in-person and online. Both Kaushik and Grant emphasized that for digital identity to truly progress and become more effective, the government must play a role in policy and planning.
Consortiums, like the Better Identity Coalition, are gaining traction. Grant was a senior executive advisor at NIST before he transitioned to the private sector in 2017 at the behest of private companies asking for his assistance. The Better Identity Coalition’s substantial growth illustrates the excitement of like-minded companies to solve identity-related challenges together.
Identity is only as strong as the weakest link. Both Grant and Kaushik touched upon the shortcomings of the Social Security Number. While private sector companies have attempted workarounds, none have gained adoption at scale. The Federal government currently holds the ‘book of names’ for identity verification, as most companies require a government-issued ID for onboarding. Both speakers urged private companies to acknowledge this reality and try and work with the government instead of thinking about them as a roadblock.
The full podcast episode is available now. Listen and subscribe for more details on the Better Identity Coalition and how they’re working to bridge the disconnect between the Federal government and private sector.
The Intersection of Cyber Industry and Federal Government
The finale of the event was a stacked panel of cyber and identity experts, ready to discuss some of the most interesting and sensitive topics in this field. OWI Principal Kaelyn Lowmaster moderated a discussion with Easy Dynamics Corporation Privacy Lead, Jamie Danker, ID.me CEO, Blake Hall, and Strategic Cyber Ventures CEO, Hank Thomas. The panel kicked off with an important conversation around why Federal agencies have been slow to adopt cybersecurity initiatives and how the identity community can help federal agencies tackle these issues head-on, ensuring the Federal Government is the common denominator in cyber initiatives.
Striking a balance between public and private is challenging, but important. Traditionally governments have been a less attractive market for startups and technology companies, simply because the government moves more slowly. The federal procurement process is time-consuming and clunky, especially if the other option is companies that can deploy technology immediately. There is no shortage of opportunity for cyber companies to find work outside of government agencies.
The good news: this is changing. Companies are realizing that government identification is an essential piece to the larger digital identity puzzle. Most notably, the Department of Homeland Security (DHS) established the Cybersecurity and Infrastructure Security Agency last year with a clear mandate to modernize and manage national infrastructure risk.
We need more support to bridge the gap between private-public conversations. There is a disconnect between policymakers, who are responsible for driving future cybersecurity rules and regulations, and the private sector, which often reacts to cyber threats firsthand. In the wake of Cambridge Analytica, the importance of collaboration and conversations around these issues is finally getting the attention it deserves. But it’s a gap that is difficult to close, and there is still more work to do.
For example, the National Institute of Standards and Technology (NIST) publishes cybersecurity and identity framework. NIST 800-63-3 defines three tiers of assurance. The third tier, IAL3, requires a verification process that no private company has yet to implement at scale. This is a perfect example of how public and private need to collaborate to find the best solution: standards should not compromise for cost or efficiency, yet unachievable standards damper progress and disincentivize companies from working towards compliance.
The full panel conversation will be released soon as part of the State of Identity podcast feed, so stay tuned!
What’s Next from KNOW Identity
The silver lining of all the cybersecurity issues in the limelight is that these very public events drive awareness and create a platform for collaboration and public-private partnerships that can drive real change. The culmination of our KNOW Identity Forums is the KNOW Identity Conference in Las Vegas. As identity analysts, we know first-hand that these issues require collaboration, communication, and community. We have a ton of educated, intelligent, and passionate people in this space, and the KNOW Identity Conference is to create space for the community to come together to learn from one another and share ideas, successes, and failures.
Identity is truly an issue that is behind nearly everything we do, and the OWI team looks forward to bringing more influential people in this space together to bridge these critical conversations and support digital identity initiatives, from the Federal Government to enterprise cyber firms.
Lastly, a big thanks to Uniken, the sponsor of this KNOW Identity Forums, who is a critical partner for us as we bring KNOW Identity Forums to cities throughout the U.S., plus Canada and London.