President Donald J. Trump’s recent Executive Order has sent shock waves through the world of cybersecurity, most notably in the area of digital identity.
The executive order, which seeks to redirect the focus of cybersecurity efforts, is a radical departure from how former administrations handled cyber and has wide-ranging implications for the way people and institutions conduct themselves on the digital front.
Among the most direct and consequential changes is the abandonment of federal programs that incentivized and standardized digital identity products for accessing government services.
The Biden administration had urged agencies to study allowing digital IDs, like mobile driver’s licenses, to ease access and fight fraud. But the new order prevents these programs, saying it worries about “widespread abuse by aliens through the receipt of public benefits.”
Critics contend that this move sacrifices proven cybersecurity improvements to a fight over immigration benefits. Experts such as Mark Montgomery, the senior director at the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation, have argued that this “fixation on repealing digital ID mandates means putting questionable immigration interests before clear cybersecurity benefits.”
There are also broader implications for government services. The shift from a unified federal approach to digital identity in the wake of COVID-19 might result in a more fragmented, and possibly less secure, digital landscape.
In the absence of a standardized federal baseline, the responsibility for crafting digital identity verification processes may fall more heavily on individual firms or subnational entities, which could result in inconsistency and exploitation across sectors.
Additionally, the executive order resets the US government’s position on new technologies such as Artificial Intelligence (AI) and post-quantum cryptography (PQC).
Though the directive focuses on identifying and mitigating vulnerabilities in AI systems, it departs from a similar one issued last week that encourages a broader use of the technology in cyber defense. Likewise, the impetus for swift adoption of PQC was also tempered, even with the specter of quantum computers cracking the encryption in use today.
For companies, especially in the financial and fintech industries, this signals a fresh wave of strategic uncertainty. Disruption to established compliance paths, such as the compulsory attestations of bug-free software development required for federal contracts, will force companies to reassess how they manage risk.
Although some organizations may view this deregulation as a cost-saving measure, it also shifts the security responsibility back onto them in a more nebulous context.
The New Executive Order: Philosophical Shift in the U.S. Approach to Cybersecurity

The new Executive Order is just as much a philosophical shift as it is a move toward pure executive function with respect to cybersecurity.
Digital identity infrastructure and security will need to adapt to the models that are now emerging. The long-term consequences are still unfolding, but they will likely include a shift of responsibility and, ultimately, perhaps a less harmonized approach to digital identity in the US.