Why government needs the future of two-factor authentication – Canadian Government Executive

NEWS

SEARCH

HR
ICT
May 6, 2015

Why government needs the future of two-factor authentication

This past August, the Toronto Star reported that in the four months prior, the Canadian federal government had incurred 101 privacy breaches – an average of almost one a day. The same summer, the National Research Council was forced to isolate its IT systems due to an attack from a “highly sophisticated Chinese state-sponsored actor.”

News like this, while troubling, is unfortunately not surprising. In the modern digital age, the threat of the next cyberattack is constantly looming, and the numbers are startling. There are 10 million daily hack attempts against the Pentagon alone, according to media sources. And a Ponemon Institute report estimates that recovering from a breach costs U.S. companies $3.5 million each on average.

The conclusion is clear. If governments want to avoid vulnerabilities that can lead to espionage, sabotage and terrorism, they need to protect their digital assets and resources. Canada is no exception. In fact, the Star also reported that federal public servants have been urging Ottawa to adopt a more coherent plan to address large-scale cyberattacks like the Heartbleed bug.

But the question is not whether the government of Canada should do something to combat online crime. It’s: what should they do?

My answer won’t shock anyone. After 25 years in the IT industry, managing security teams at leading tech and telecommunications companies such as Bell, I recently transitioned to a field that I believe embodies the future of cybersecurity: two-factor authentication (2FA) for access to online assets. And 2FA, of course, is my proposed response. However, it’s not so simple.

The government already knows that password-only protection is not enough. Its departments and agencies have already implemented 2FA. The problem is the methods of 2FA deployment currently in use – hard tokens and public key infrastructure (PKI) certificates – are legacy methods. They no longer hold up in terms of security, scalability and cost.

That’s why Ottawa must embrace not only the future of cybersecurity but also of 2FA: a phone/desktop-as-token solution. I’ll explain more about what that means later.

For those who don’t know, 2FA is a cybersecurity system which requires that users attempting to access corporate resources (e.g., Virtual Private Networks known as VPNs) possess two independent factors: something they know (traditional password) and something they have (a randomized code or token).

There are various types of 2FA solutions. Some involve sending one-time passwords (OTPs) or randomized codes through out-of-band SMS channels, which I would like to stress are not necessarily secure. With hard tokens, such as RSA’s SecurID, OTPs are displayed on key fobs.

But supplying a physical token to thousands (if not more) people is inconvenient and expensive. Tokens are easily lost resulting in the need to keep extra inventory in stock. Plus, if intercepted, OTPs can be copied onto other devices. RSA itself was the victim of a security breach in 2011 proving that attackers would have the means to generate certain valid token values.

PKI certificates, which can be thought of as virtual ID cards, are also used extensively by the government. When first implemented, they provided the security and the cryptography necessary to protect networks and online applications. However, due to costs, ongoing administration and difficulties with end-user adoption and acceptance, they have turned out to be a prohibitive solution.

Instead, the government should adopt a mobile-as-token alternative, some of which are available for desktops as well, in order to achieve the highest level of two-factor protection at the lowest possible costs.

The best of these types of 2FA systems are cloud-based (either in public or private clouds) and work by leveraging existing virtualization and mobile investments in order to send access requests to users’ smartphones, laptops or desktops via push notifications (not SMS or OTPs), essentially turning the device into a strong second factor token or credential. This is especially advantageous in a BYOD (bring your own device) context.

There are a host of other advantages that would come into play in a government setting. I’ll just mention a few of them here:

Scalable: Federal departments and agencies are large and far-reaching, meaning 2FA must be provisioned in mass quantities to thousands or millions of users. Without hardware (such as hard tokens) to supply, and by optimizing the smartphones, tablets and desktops already at employees’ disposal, the government would save time and money. Since these devices are second nature, user adoption would improve and, in turn, so would security while simultaneously eliminating training and saving administrators’ time for more important tasks.

Secure: While OTPs can be transferred to other devices and cracked, the best phone-as-token solutions create a 1:1 correlation between the service and the device, essentially fingerprinting it. This means a digital asset cannot be accessed unless the user has the specific device at hand.

Global: Public service employees often travel and work remotely. Through its use of wireless push notifications rather than SMS, this form of 2FA protection is borderless.

Contextual: Unlike other methods of 2FA, this feature provides real-time contextual information that would complement government fraud detection systems. For example, an illegitimate access request might pop up specifying it is coming from Russia, which would be beneficial for locating the source of the threat.

Cost-effective: No additional infrastructure eliminates overhead expenses. With no expiry fees, license renewals or extra inventory, this method reduces the cost of issuing, managing, replacing and administering two-factor authentication systems, and of supporting users, by up to 75 percent compared to hard tokens and PKI certificates.

It is not unfathomable why Ottawa would opt to rely on traditional and therefore trusted legacy methods of 2FA as opposed to taking a risk on cutting-edge solutions. But, in that case, we must ask ourselves: What is the real risk? Does the risk lie in embracing new top-of-the-line technologies for government and public protection or does it lie in sticking to predictable methods of 2FA that, in a rapidly shifting digital landscape, fall utterly short.

The future of 2FA isn’t far off. In fact, it’s here right now, and it’s totally secure. It’s high time the government upgraded to a system that meets the needs of the modern day.

 
Cyphercor’s two-factor authentication solution LoginTC is pre-approved for federal procurement through a PWGSC Software Licensing Supply Arrangement. Cyphercor has also pre-qualified to participate in the Build in Canada Innovation Program (www.logintc.com).

About this author

0 comments

There are no comments for this post yet.

Be the first to comment. Click here.

ICT
 
Have you ever met a virtual human being? By common definition,...
 
Canadian Government Executive Media (CGE) is pleased to announce its first batch...
 
Canadian Government Executive Media (CGE) is pleased to welcome Microsoft as its Platinum Sponsor for...
 
Innovation is vital in every sector; public service is no exception....
 
Canadian government agencies and departments are modernizing the way they do...
 
In this episode, J. Richard Jones talks about the appointment of...
 
Facebook Pages can be an essential tool for businesses and charities,...
 
The Canadian Advanced Technology Alliance (CATA Alliance) is Canada’s One Voice...
 
Over the decades, technology has been grafted into governments around the...
 
The North Atlantic Treaty Organization, with its 28 independent member countries...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
The Ontario government and telecom gear maker Huawei Canada yesterday announced...
 
Huawei is bringing back to Canada and expanding its information communication...
 
The Province of British Columbia is doubling down on deepening its...
 
Last week the Wall Street Journal, citing anonymous sources, reported that...
 
Written By Jason McNaught Contrary to what you may have heard,...
 
The good news is that the Government of Canada recognizes the...
 
Please to view this Content. (Not a member? Join Today! )...
 
Many Canadian government websites were knocked offline last month including Canada.ca,...
 
High profile individuals are always under scrutiny, especially when it comes...
 
Canada’s penchant for oligopolies is understandable: a vast territory and sparse...
 
The International Open Data Conference kicks off this week in Ottawa....
 
As politicians prepare for the upcoming elections, leveraging mobile devices and...
 
Before the Internet, video was largely synonymous with television, supplemented by...
 
This past August, the Toronto Star reported that in the four...
 
In Budget 2015, the federal government earmarked $58 million over five...
 
Cyber-attacks. From the public perspective, where its a frequent headline, we’re...
 
New technology and the move to mobile are transforming the way...
 
On May 7, British voters will cast ballots and decide the...
 
Team Niew Labs was crowned grand champions of CODE 2015 last...
 
Technology has opened the door. Now governments have unprecedented opportunities to...
 
Canadian Government Executive Media (CGE) announced today that Patrice Dutil has...
 
Canadian Government Executive Media (CGE) announced today that Patrice Dutil has...
 
For skeptics, Google’s recent decision to abandon sales of its current...
 
And then there were 15. Of 125 apps built from open...
 
After early success as a world leader, Canada’s e-government performance has...
 
If you missed the Digital Governance Forum, hosted by the Institute...
 
Digital and mobile technologies are transforming politics, especially the ways in...
 
Adobe is encouraging public sector organizations to take a big leap...
 
There are, of course, thousands of public servants who deliver services...
 
It’s a well-known fact that websites are driven by content. Public...
 
Each year, IBM makes five bold predictions about technologies that “will...
 
During a panel discussion held at GTEC 2014, senior executives from...
 
Westminster parliamentary democracies like Canada’s are widely credited with a high...
 
There was a time when reporters played a significant “gatekeeper” role...
 
In what ways are digital culture and technology affecting our democratic...
 
Connection: governments want it, citizens demand it, technology facilitates it and...
 
How can CIOs set up their teams to be able respond...
 
In both private and public sectors, the management of information has...
 
Our annual GTEC conference, exhibition and distinction awards wrapped up at...
 
Canada Post’s phasing out of home delivery in many urban dwellings...
 
As Canadians, it’s in our DNA to be helpful and to...
 
The role of today’s Chief Information Officer is one of technical...
 
When you think of email management, you probably envision a pristine,...
 
Every member of society craves information that is clear and accessible....
 
A study done by the Social Science Research Network looked at...
 
A significant challenge for Canada in the digital government era is...
 
With its ability to continually evolve and innovate to meet and...
 
As a municipality that truly believes in fostering a culture of...
 
The Green Governance Award won by the City of Grand Prairie...
 
Ottawa’s GTEC 2014 event is in full swing, and its theme,...
 
Social media presents new challenges for all organizations and for government...
 
GTEC honoured the best in government information and communications technology Monday...
 
Fifteen years ago, citizen-centric e-government drove transformation efforts. Today, the new...
 
In Canada’s public sector, the rise of Big Data has meant...
 
For those interested in open government, October could shape up to...
 
In an increasingly connected and fast-paced world, much has been made...
 
More and more of us are watching high profile events such...
 
Is there a gamified approach to citizen engagement by the public...
 
The act of linking people and ideas through communication and relationship...
 
Claims of a social media transformation in politics and government are...
 
For the past two-three years, Bring Your Own Device (BYOD) has...
 
On time, on budget and in scope! How often do you...
 
On July 2nd, Richard Pietro packed up his things and set...
 
Marissa Mayer, the CEO of Yahoo, created a stir in the...
 
Nine former members of the CBC board of directors were reported...
 
The government of Canada is in a constant state of evolution...
 
With a seemingly ubiquitous Internet and mobile devices at every turn,...
 
Technology is moving at such speeds that at times it seems...
 
In the digital age, companies are more than ever looking for...
 
Open data is gaining momentum. A recent hackathon, supported by federal...
 
It’s no secret that we’re all rapidly going mobile. The rate...
 
Adobe held its third annual Digital Government Assembly on Thursday at...
 
The world is going mobile and governments must adapt. Underscoring the...
 
Media Sonar is a London, Ont.-based start-up that works with public...
 
To engage and serve their citizens, public sector organizations are looking...
 
The digital age has changed everything-including governments. Citizens expect the same...
 
Ontarians will now have access to court information online, thanks to...
 
The Canadian healthcare system is famously slow to adopt new technologies....
 
The big issue on the table now is big data and...
 
The government of Canada’s 2013 budget pledged to reduce public service...
 
It has long been recognized in the federal public service that...
 
According to a report by the Ottawa Citizen today, the federal...
 
It may not seem immediately obvious, but public safety is an...
 
Border control is an important element of modern society. We live...
 
Health care is one of the most important services that governments...
 
It may not always seem so, but government and business go...
 
Canada has recently witnessed several important debates concerning the Internet’s widening...
 
In 2011, eight countries signed on to an Open Government Partnership,...
 
Public safety has gone through some significant changes since modern technology...
 
With the rise of “smart power,” distinct from “hard” and “soft”...
 
How much is your property worth? In times past, you would...
 
It has been estimated that each year the Wheel-Trans Department of...
 
Recordkeeping requirements designed for the work environment of the 1990s are...
 
As all eyes turn toward Russia for the Winter Olympics, the...
 
The same power of digital communication that is disrupting the commercial...
 
In August 2013, Shared Services Canada (SSC) posted a notice on...
 
Over the last few months there has been tremendous speculation in...
 
The Royal Canadian Mint has been busy developing a new digital...
 
At the end of November, the Council of Europe hosted the...
 
Do you think technology is something that should be ubiquitous in...
 
commentEmail””:””peter.karwacki@servicecanada.gc.ca””...
 
Governments have taken a page from their private counterparts and started...
 
There is no doubt that advances in information technology have paved...
 
When a public sector IT project is featured on Saturday Night...
 
In 2013, the Canada Revenue Agency won the top honours in...
 
It’s no secret that governments are trying to make social media...
 
It’s hard to believe it’s been just a few months since...
 
Chapter 2 of the Auditor General’s fall 2013 report looks at...
 
In 2001, the government of British Columbia initiated a number of...
 
British Columbia’s Citizens@TheCentre service transformation strategy calls for a shift toward...
 
New technology is changing the way the public service manages offices...
 
The City of Ottawa and a Ryerson University spin-off company called...
 
As a political federation with a sparse population spread unevenly across...
 
As the Canadian government pursues its goal of creating IT efficiencies...
 
Governments have a historical and natural propensity to manage organizations in...
 
Finding federal and provincial agricultural programs and services is just a...
 
As governments seek to improve service delivery for citizens, it is...
 
The CIO Association of Canada, or CIOCAN, is a self-managed, not-for-profit...
 
For the casual observer, openness and transparency are terms that can...
 
Kurt Roemer, chief security strategist at Citrix, was at GTEC 2013...
 
In the past decade, technology has been pushing the boundaries in...
 
GTEC’s theme this year is Agile Government: Open, Collaborative, Mobile. The...
 
Shared Service Canada was launched just over two years ago with...
 
The report in January 2013 of a lost portable hard drive...
 
The government of British Columbia recently launched iMapBC 2.0, an upgraded...
 
This is the best of times for the CIO community. Our...
 
The U.S. State Department, of all departments, has an Open Government...
 
Imagine, for a moment, a world without radio and television (much...
 
The government of New Brunswick has recently taken several steps to...
 
None of us likes the feeling of being watched. This is...
 
Over 80 percent of Canadians are now living in urban areas....
 
You have undoubtedly seen the ad (on TV or YouTube, depending...
 
In the past 20 years, technology has caused a rapid change...
 
Have you ever thought about working from home? Now that most...
 
Researchers led by a network scientist at the Massachusetts Institute of...
 
The government’s increasing reliance on technology to engage with the public,...
 
Cool. Dry. Secure. Since the first data centers came into existence...
 
With cuts in budget, there has been a significant decrease in...
 
PR Newswire contends that silent advertising is sometimes the best advertising:...
 
With the proliferation of social media, governments must ensure they’re taking...
 
This month, the United States government approved Instagram as a social...
 
The federal government has announced that, as of July 2013, all...
 
Sometimes it seems that governments are mesmerized – like deer in...
 
and sometimes to others...
 
What can government learn from the private sector on big data?...
 
Modern Times is the 1936 comedy starring, written, and directed by...
 
CIOs, like others in back-office functions, need to start thinking and...
 
A joint study conducted by Symantec Corp. and the Ponemon Institute...
 
For normal day-to-day work in the office, most people have no...
 
In the midst of cutbacks and crisis, efficiency is vital to...
 
At stake is the evolving apparatus enjoining Canadians with the information...
 
Chances are, when you think about printing you think of large...
 
When Facebook founder Mark Zuckerberg is asked about his company’s volatile...
 
therefore it is only natural that the workforce will change. Trying...
 
It’s no secret that an organization’s people are critical to its...
 
Government is entrusted with the responsibility to shelter and safeguard a...
 
In the summer of 2012, I realized that if I wanted...
 
As the pace of technological change quickens and the demands on...
 
The authentication model for the Internet is changing. We have hit...
 
If technology is the driver, then the management of information must...
 
Faced with the Newtown tragedy, President Obama has sought to make...
 
February 23rd marks the 2013 International Open Data Hackathon day. It’s...
 
The now, seemingly distant 2012 holiday season proved to be fertile...
 
You’re a government security IT professional and you’ve taken the steps...
 
We built it. They came. They left. The reason? Open data...
 
In 2008, President Obama refashioned American politics for a more digital...
 
With real lives on the line, analytics technology helps improve every...
 
As governments seek transformational change to shift from austerity to agility,...
 
Why is it so difficult for governments to implement an enterprise-wide...
 
Canadians are the most digitally engaged country on the planet, by...
 
In recent months, Apple and Samsung have been clobbering one another...
 
When GTEC begins on November 5 in Ottawa, British Columbia will...
 
Steve Jobs once said: “Innovation distinguishes between a leader and a...
 
Why was the IT Shared Services Branch (ITSB) of Public Works...
 
The Ontario Student Assistant Program (OSAP) mobile application is challenging the...
 
commentEmail””:””suebegin4@gmail.com””...
 
With the Treasury Board Secretariat’s release of the Guideline for External...
 
With the initial internet boom of the 1990s now firmly behind...
 
There are several key principles that organizations can use to guide...
 
Governments in Canada know they need to use the Internet better...
 
Our cities are growing at an unprecedented rate. In 1900, only...
 
With the federal public service in a state of budgetary retrenchment,...
 
Web 2.0 is here and it’s only going to get bigger....
 
It’s Saturday afternoon. I’m staring at my dice and a stack...
 
Governments are looking to online as the future of service delivery...
 
Did you know that a lot of white elephants roam the...
 
Call it the little research project that grew....
 
This fall, a select group of American college and university students...
 
In the beginning social media was uncharted territory for the Government...
 
CEOs and CIOs face significant challenges in managing IT budgets in...
 
With healthcare spending typically the single largest component of any government’s...
 
For organizations with aging or redundant IT equipment – like governments...
 
Canadians want smart spending, and to hear about project successes, rather...
 
One of the peculiarities of the 21st century is the correlation...
 
When President Barack Obama campaigns during the coming months for re-election,...
 
As the iCloud takes hold – along with numerous other private,...
 
A new year is a good time to reflect on the...
 
If only it were so. While Shared Services Canada promises simplicity...
 
The securing of a much-coveted majority by Stephen Harper’s Conservatives surely...
 
The federal election campaign has not been particularly kind to cities...
 
Despite the occasional ministerial tweet and public banter about the federal...
 
More than a decade ago, some enterprising folks at Industry Canada...
 
The Royal Canadian Mounted Police are one of Canada’s most critical...
 
Toronto’s new mayor, Rob Ford, has pledged to cut city council...
 
As BlackBerry-maker Research In Motion negotiates with many governments around the...
 
To start with a timeless question: what do woman want? Presumably,...
 
One important consequence of climate change is rising ocean levels. The...
 
Shortly after the Quebec referendum of October 1995 that brought the...
 
As this column goes to print (literally or online as the...
 
Full disclosure – the Conservative government has serious problems with the...
 
Students of public administration struggle with an important contradiction of Westminster...
 
L’opération de promotion à laquelle l’Alberta s’est récemment livrée souligne les...
 
Alberta’s recent branding exercise underscores the tensions and risks inherent in...
 
La plupart des organismes se voient affecter des « directeurs des...
 
With Parliament once again open and a new federal budget in...
 
Two important global events are garnering much attention: the upcoming Winter...
 
The recent scandals plaguing Ontario’s e-health agency carry important lessons for...
 
The Obama administration is appointing “Directors of New Media” for most...
 
Y a-t-il de l’espoir? Une fois de plus, le gouvernement fédéral...
 
Dans le numéro de janvier, Ruth Hubbard et David Zussman nous...
 
In the January issue, Ruth Hubbard and David Zussman discussed the...
 
Combining the digital age with the current climate of financial austerity...
 
The economic downturn and subsequent loss of tax revenues are forcing...
 
Technology has fundamentally changed the way governments and their citizens interact....
 
Poet Rudyard Kipling famously described southeastern Alberta as having “…all hell...
 
As the IT needs of an organization evolve, and existing systems...
 
With 69 percent of IT operating budgets and 54 percent of...
 
From an asset management perspective, Cambridge is tackling infrastructure management with...
 
When Saskatchewan began a Cabinet Modernization Project in 2008, members of...
 
Referring to themselves as the G4, the cities of Ottawa, Toronto,...
 
The first provincial jurisdiction to establish social media guidelines for its...
 
When he was deputy attorney general, Allan Seckel was known for...
 
I’ve spent the better part of the last five years working...
 
Canada’s three national science and technology museums include the Canada Science...
 
In 2008, a project was undertaken by the Canada Science and...
 
Web 2.0 is more than a technology shift. It is a...
 
They say the line between love and hate is a thin...
 
Although it is widely recognized that Canada has great strengths and...
 
Moving to a paperless work environment is not as simple as...
 
Many governments and defence departments around the world have recently announced...
 
When citizens are ‘Googling’ for information about tax credit programs, employment...
 
Today’s Web 2.0 technology appeals to the drive to connect with...
 
A complicated doodle in red, green and black depicts frowning faces,...
 
As the showcase province at this year’s GTEC conference, Manitoba highlighted...
 
When the Canadian army and the Department of National Defence set...
 
The UN’s E-Government Survey for 2012 ranks Canada in a tie...
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
Have you ever met a virtual human being? By common definition,...

Member Login

Forgot Password?

Join Us

Password Reset
Please enter your e-mail address. You will receive a new password via e-mail.