Digital identity resurfaces in updated US cybersecurity plan, but not much is new

May 10, 2024

88 2 minutes read

Untitled design6 — passwordless mfa scaled.jpg

The U.S. government has released the second version of its National Cybersecurity Strategy Implementation Plan (NCSIP), and digital ID has re-entered the picture, albeit briefly.

A White House press release says the updated roadmap outlines actions to improve U.S. national cybersecurity posture, including “high-impact Federal initiatives, each intended to substantively increase our collective digital security and systemic resilience.”

Strategic Objective 4.5 is “Support Development of a Digital Identity Ecosystem,” which comes with a promise of federal investment in “strong, verifiable digital identity solutions that promote security, accessibility and interoperability, financial and social inclusion, consumer privacy, and economic growth.”

Specifically, it says the National Institute of Standards and Technology (NIST) is responsible for advancing “research and guidance that supports innovation in the digital identity ecosystem through public and private collaboration,” which may include “publishing digital identity guidelines, evaluating facial recognition and analysis technology, and publishing considerations for Attribute Validation Services.” The program is to build on the NIST-led digital identity research program authorized in the CHIPS and Science Act, with intent to strengthen digital credentials, conduct foundational research, update standards and guidelines to support interoperability, and develop digital identity platforms that promote transparency and accountability.

However, as observers have pointed out on social media, the language of the objective mostly implies an intent to stay the current course. Posting on X/Twitter, user Jeremy Grant says “Digital identity has magically reappeared in the new version of the White House National Cybersecurity Strategy implementation plan,” after being ignored in the first version. However, “the only thing it says is that NIST should keep doing what it has been doing for years. Which will not be enough.”

The original NCSIP, signed by President Joe Biden in March 2023 and published in July 2023, listed 36 initiatives with a completion date on or before the second quarter of fiscal year 2024. Of those, 33 have been completed. The updated NCSIP includes 31 new initiatives, with six agencies in leadership positions for the first time.

The Biden-Harris administration’s strategy stands on four pillars: defending critical infrastructure, disrupting and dismantling threat actors, shaping market forces to drive security and resilience, and investing in resilient next-generation technologies and infrastructure.