American Cybersecurity

Facial Biometrics: Protecting America’s Infrastructure from Cyberattack

By Tom Thimot, CEO, authID

Between economic sanctions imposed on Russia and White House demands on the private sector to harden cyber defenses, the American cybersecurity ecosystem has reached a boiling point. Following a 2021 executive order to improve national security, the White House Office of Management and Budget (OMB) released a federal strategy to move the U.S. government toward a “zero trust” approach to cybersecurity, driven by the assumption that internal and external threats to network security are ubiquitous and becoming more sophisticated by the day.

A Fraught Cybersecurity Environment

Immediately after Russia invaded Ukraine, cyber enterprise risk management firm Stellar Cyber observed an 800% increase in suspected Russian state-sponsored cyberattacks over a 48-hour period. Neal Higgins, the deputy national cyber director for national cybersecurity at the White House’s Office of the National Cyber Director, said in early June that he fears more aggressive Russian attacks as the war wears on. In addition, cybercrime groups have recently publicly pledged support for the Russian government.

Last year, we saw ransomware incidents against 14 of 16 U.S. critical infrastructure sectors, according to Christopher Wray, director of the Federal Bureau of Investigation (FBI), who recently spoke to the Detroit Economic Club about the agency’s partnership with the private sector to combat cyber threats. Since then, cybercriminal activity targeting American infrastructure and prominent infrastructure companies has been on the rise.

Administration Turns to Enhanced Authentication Methods

Core to the Biden Administration’s mandate is the use of multi-factor authentication (MFA) in IT systems to make it harder for attackers to breach. Pursuant to President Biden’s 2021 executive order, the 2022 OMB memo also set out a strategy for agency systems to “…discontinue support for authentication methods that fail to resist phishing, including protocols that register phone numbers for SMS or voice calls, supply one-time codes, or receive push notifications.”

We have also seen multiple alerts from the federal Cybersecurity and Infrastructure Security Agency (CISA) urging organizations and individuals to take more aggressive steps to protect their digital data – specifically to enforce MFA, the verification of a user’s identity with multiple credentials for enhanced security, for all users, without exception. Further, the National Institute of Standards and Technology (NIST) has discouraged the use of SMS as an “out-of-band authenticator” — a method for delivering a one-time use code for MFA.

As threat actors continue to exploit inadequate security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to breach or compromise a victim’s system, achieving “zero trust” has become a matter of national security. Now is the time for public and private sector collaboration to adopt MFA, establish trust, and defend against highly sophisticated cybercriminal networks. Three tech giants – Microsoft, Google and Apple – announced their intent to expand their support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium, which is a great step forward in building passwordless support into their respective platforms. This is an opportunity for these tech leaders to move toward facial biometric authentication, and thus, achieve zero trust.

What is Facial Biometric Authentication?

At a high level, facial biometric authentication is a consent-based facial matching system. Through a one-time “selfie,” authID’s Verified™ confirms consent to conduct specific identity verification transactions and authenticates a person’s biometric in real-time, securely matching the user’s face to the anonymized code that was associated with the account at initial account setup. It stops fraudulent enrollment by requiring the live image of an authorized user in real-time during onboarding and for every subsequent login. Some solutions for biometric authentication like Verified include built-in ID proofing, which goes further than real-time authentication of the user – scanning government-issued documents for the establishment of an identity and providing trust on first use.

When a user accesses a bank account, confirms a payment, or authorizes sharing of sensitive financial, health, or other personally identifiable information (PII), it is essential to both authenticate the user’s identity and confirm that they have provided consent for the transaction. authID’s patented Verified technology provides multi-party MFA, with an extra identity security check for confirming the identity of an account holder or employee initiating a transaction. Leveraging our patented technology, Verified also creates an unchallengeable biometric audit trail with transaction details for all parties.

How Government and Critical Industries Can Achieve Zero Trust

In short, facial biometric authentication provides strong identity assurance that eliminates the potential for fraud and offers an undisputable audit trail to both the account holder and business. This enables private companies and public agencies to achieve zero trust and keep America’s infrastructure and private digital resources safe.

For organizations in the government, energy, education, manufacturing, healthcare, and critical professional services industries, Verified eliminates password-based workforce-related risks like ransomware and reconnaissance. Device-agnostic, Verified works across different device types, OS types, and browser types to secure the entire workforce and removes password liabilities to give organizations the benefits of passwordless authentication.

Once an organization’s network is compromised directly or indirectly through a third party, the potential for damage caused by a hacker is not limited to the company – the harm has far-reaching implications to customers, employees, and assets. Here at authID, we are encouraged by the rising volume of organizations – from banks and fintechs to crypto companies to federal agencies – transitioning toward facial biometrics to protect their systems, data, and the critical services and infrastructure they provide for Americans. Click for more information on Verified Workforce or Verified Consumer.