This month, the Biden Administration unveiled the National Strategy Implementation Plan for the National Cybersecurity Strategy, which calls for transformative changes in managing the U.S. digital environment, prioritizing security and resilience across public and private sectors and balancing investments between future development and addressing immediate threats.
The plan represents a departure from the previous strategy criticized for lack of specificity in action. The Digital Forensic Research Lab at the Atlantic Council noted that the current blueprint downscaled ambitious initial objectives, resulting in a simplified and potentially less effective approach. Of most concern is the need for a comprehensive digital identity solution. This is further complicated by the US government’s adoption of a zero-trust architecture strategy, which will undoubtedly alter cybersecurity measures for government contractors and other partnering organizations—particularly those outside on-premise infrastructure.
The strategy’s failure to include a strong digital identity solution is a significant setback, mainly since ZTA is limited to Domain Name System and Hypertext Transfer Protocol. Utilizing Open-Source Software to develop AI-empowered authentication offers a promising long to term solution to ZTA for creative user authentication. By adopting this approach, the government can achieve robust digital identification, enhancing transparency, flexibility, and real-time threat detection for a more secure digital ecosystem.
Open-source software
The NCSIP delivers a more detailed approach and designates responsibilities for government stakeholders, encompassing sixty-five federal initiatives to safeguard American employment, combat cybercrime, and enhance domestic cybersecurity expertise, utilizing legislative support from the Inflation Reduction Act and CHIPS & Science Act.
Moreover, the plan places increased cybersecurity standard compliance responsibility on the private sector, guided by the Office of the National Cyber Director. Notably, the NCSIP introduces a dedicated segment for regular policy reviews, ensuring an adaptive strategy that remains in sync with the ever-changing cybersecurity landscape, a long-awaited measure advocated by experts.
One essential aspect of the plan that deserves highlighting is the advocacy for Open-Source Software. OSS has been in use by the Department of Defense since 2009, offering several advantages for government applications, including cost-effectiveness and encouraging open collaboration. OSS operates like an adaptable recipe, freely available for anyone to use, modify, improve, and share.
A key benefit is that it does not require licensing fees, potentially leading to lower maintenance and support costs, which align well with government budgets. Furthermore, OSS’s flexibility and customization capacity are critical for addressing specific governmental needs, especially in complex projects faced by the intelligence community and the DoD.
As the government increasingly integrates artificial intelligence platforms, leveraging OSS can lead to more efficient data processing and safeguarding of sensitive networks. For instance, institutions can significantly enhance Intrusion Detection Systems, Intrusion Prevention Systems, and proxies by utilizing network simulators or machine learning platforms derived from OSS and customized to meet specific government needs.
While OSS has significant advantages, it also has potential challenges. These can include hidden costs associated with training, support, and integration, the need for substantial resources and expertise to secure and review the code, potential fragmentation, and slower or less predictable development timelines. Organizations should consider the decision to use OSS on a case-by-case basis, taking into account their specific requirements and available resources.
By striking the right balance, OSS can develop resilient digital identity solutions and improve cyber defense measures.
Digital identity
Digital identity plays a critical role in cybersecurity. Most security breaches occur due to flaws in digital identity processes and tools. Custom-made identity processes and legacy digital identity software from the early 2000s often open avenues for malicious activities and are inefficient. Therefore, there needs to be a comprehensive digital identity solution.
The recent incident involving Chinese hackers penetrating US government email accounts, as reported by Microsoft, serves as a stark reminder of the critical importance of digital identity. Implementing an effective ZTA must extend beyond on-premise infrastructure and include robust digital identity solutions (e.g., digital signature, public-key encryption, and key-establishment algorithms) capable of resisting state-backed hackers and being available to users worldwide. Furthermore, it must be capable of protecting sensitive government information well into the foreseeable future, including after the advent of quantum computers.
Between 2019 and 2021, account takeover attacks surged by 307%, demonstrating the increasing sophistication of cybercrimes. These attacks not only damage public trust but also cause substantial financial harm. Cybercriminals are exploiting AI to bypass traditional authentication schemes using methods like credential stuffing and creating deep fakes. However, harnessing AI within the ZTA can provide valuable security benefits, like real-time threat detection, to ensure a proactive approach to authentication.
Moreover, this solution could leverage improving further digital security opportunities, such as decentralized networks and quantum key distribution. Digital identity is not only about security; it also enhances user experience and productivity while reducing time and costs. It’s a necessary tool for enabling secure and easy interaction in the digital world for both individuals and organizations.
A robust digital identity solution is not a luxury; it is a requisite to ensure operational security and prevent unauthorized access, especially in a complex and interconnected environment.
OSS and AI integration
The zero trust maturity model operates on the principle of not implicitly trusting any network and revolves around dynamic risk-based authentication, continuously adjusting access controls based on real-time threat assessments. Adopting zero-trust security, as emphasized in President Biden’s Executive Order 14028, is an urgent necessity with the rise of remote work and increasing breaches. Zero trust minimizes the attack surface and prevents unauthorized lateral movement within networks but also hinders network access.
Building on OSS with AI can achieve the robust digital solutions needed within the Zero Trust model to defend against hacking attempts while allowing broader user access. OSS provides transparency and flexibility to the cybersecurity ecosystem, with publicly accessible source code enabling continuous peer review and rapid vulnerability identification. This transparency and flexibility complement AI integration, which enhances real-time IDS, IPS, and adaptive response capabilities. By processing vast data, AI algorithms identify anomalies and potential cyber threats which compromise device and network integrity.
Leveraging AI-driven risk analysis, contextual factors like user location, device health, and behavior patterns dynamically modify access privileges. For example, accessing sensitive data from an unusual location may prompt the system to require additional authentication methods. The convergence of OSS and AI facilitates continuous learning from past incidents, current trends, and emerging attack vectors, empowering the system to maintain a proactive and agile defense strategy. Real-time analysis of cyber trends and emerging threats ensures organizations can swiftly adapt to evolving techniques, bolstering their cybersecurity resilience.
Embracing ZTA is a necessity for protecting sensitive data, critical infrastructure, and national interests. The transparency and flexibility of OSS form a strong foundation for security, while AI-driven capabilities empower the system to detect and respond to cyber threats in real time. By prioritizing digital identity solutions and leveraging the full potential of AI and OSS, a secure and resilient digital ecosystem will further strengthen cyber security.
Maj. Nicholas Dockery is a research fellow for the Modern Warfare Institute. He is also a Downing Scholar, an active duty special forces officer, and a contributor to the Irregular Warfare Initiative. The views expressed are those of the author(s) and do not reflect the official position of the United States Military Academy, Department of the Army, or Department of Defense.