Okta applauds new cybersecurity executive order

Today, the White House released its Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity. In an era defined by rapid technological advancements, the executive order aims to strengthen and promote innovation in cybersecurity while promoting the safety and resilience of the digital tools agencies rely on. We are encouraged to see the executive order address key digital Identity initiatives. Let’s break them down below.

Key digital Identity initiatives

Sections three (3) and five (5) of the executive order put digital Identity back on the frontlines of cybersecurity.

SECTION 3:  Modernizing federal government cybersecurity

Prioritize phishing-resistant authentication

The executive order builds on the deployments that the Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency have established since the preceding Executive Order’s release. It directs agencies to modernize their Identity, Credential, and Access Management (ICAM) practices by using phishing-resistant multi-factor authentication, such as WebAuthn, in pilot developments.

  • How Okta supports: Agencies can leverage a wide range of FIDO2-certified security keys with Okta’s passwordless authenticator, Okta FastPass. Okta FastPass's use of public key cryptography is resistant to common phishing attacks. It allows users to authenticate with a biometric or a PIN and ensures that only authorized users can access sensitive data. 

Encryption of data at rest and in transit

The executive order directs agencies to encrypt data at rest and in transit to the maximum extent consistent with federal records laws. Section 3’s ICAM focus on data hygiene standards looks to raise the bar, more prescriptively, for digital Identity solutions within federal systems, strengthening cloud security against the advanced persistent threats (APTs) seen in the recent past.

  • How Okta supports: Okta encrypts data at rest using AES-256 encryption, an industry-standard encryption algorithm. Okta’s robust key management system includes Hardware Security Modules (HSMs) and key derivation functions to ensure the security of keys. Okta also separates customer data to prevent unauthorized access, leaving each customer's data encrypted with a unique encryption key.  Okta uses Transport Layer Security (TLS) to encrypt all data in transit between users and the Okta service, ensuring that data remains confidential even if intercepted during transmission.

Enable government-wide visibility of attacker activity

The executive order continues prioritizing agencies' adoption of proven cloud security technologies from the industry. CISA is also further directed to collect actionable threat information across government networks to better defend federal and private sector networks.

  • How Okta supports: Okta’s comprehensive logs and reports on user activity, authentication events, and security incidents help agencies detect and respond to threats quickly and enable CISA threat hunters to reduce scope creep when addressing emerging threats. Okta also integrates with leading Security Information and Event Management tools to provide a centralized view of security events across agency missions, which is crucial to broadening visibility across federal government networks as directed in the executive order.

SECTION 5:  Solutions to combat cybercrime and fraud

Promote privacy-preserving digital Identity documents, mobile driver’s licenses (mDL), and verification systems

The executive order looks to accelerate the adoption of private-sector digital Identity technologies to make the U.S. Government more efficient, safeguard benefit programs, and protect Americans from cyber-enabled crimes including Identity fraud. In addition, agencies with grantmaking authority are directed to work with the Office of Management and Budget and the National Security Council to determine where grant funding exists to assist states in developing and issuing mDLs.

  • How Okta supports: Auth0 by Okta would allow state governments to verify mDLs presented by individuals. For example, this would help states comply with age verification requirements (e.g., for alcohol or tobacco sales) or securely authenticate users for various taxpayer services. Okta's verification process allows users to share only the necessary information from their mDL, minimizing data exposure and protecting privacy.  Going a step further, by integrating mDL verification into workflows, states can provide a frictionless and convenient experience for their community, reducing transitive risk and improving state benefit programs.  

    Okta also actively participates in industry initiatives and collaborates with state agencies, including Departments of Motor Vehicles, to ensure our solutions align with evolving mDL standards and best practices. Okta partners with other technology providers in the Identity ecosystem to provide comprehensive solutions for mDL issuance, storage, and verification. Okta's support for mDLs and the intent of this executive order is a key step toward a future where digital Identity is secure, privacy-preserving, universally accepted, and increases the level of trust and confidence in taxpayer services.

Conclusion 

As federal agencies, state governments, and private-sector organizations rush to comply with the new executive order’s strategy, demand for actionable implementation guidelines around ICAM and digital Identity will likely surge. Public-to-private partnerships will bring a community approach to more objectively develop open standards and defendable implementation guidelines.

Okta’s worldview offers customers choice and convenience. Through Okta's neutrality, customers can choose the best endpoint security products, collaboration applications, cloud infrastructures, and innovative tools. We look forward to working with Congress, policymakers, and agencies to support these efforts and promote America’s digital economy. You can experience our commitment live during our upcoming Government Identity Summit.