The missing link in America's National Cybersecurity Strategy

Another executive order from the Trump administration. Another chance to patch a known flaw, squandered. The same overlooked vulnerability still weakens our national security.

The recent executive order on cybersecurity revoked existing digital identity provisions left over from the prior administration – half-measures that were never going to fix the underlying, complex identity challenge our nation faces. Yet, the executive order offered no plans to replace them. 

As someone who has worked inside and outside government, I know first-hand the long-standing digital identity challenges facing the federal government. When I was chief of staff to the federal CIO during the first Trump Administration, our team sounded the alarm on the looming problem of identity-related fraud and called for the creation of dedicated projects to modernize digital identity systems. Meaningful change demands alignment and urgency. Both were missing then, and they’re still missing today.

As a result, agencies have been unprepared, Americans unprotected, and fraudsters unchecked. 

The Trump administration has a meaningful opportunity to change course. There are three immediate steps that federal government leaders should take to build a robust and resilient digital identity ecosystem.

First, the Trump administration should include digital identity as critical infrastructure. If we are serious about protecting America from cyber threats, we cannot continue to treat digital identity as an afterthought. We need an approach to digital identity that is modern, coordinated, and capable of addressing the existential threats posed by our foreign adversaries. By taking this step, digital identity would receive the focus, direction, and investment it requires. 

Transparent performance reporting should be the norm, not the exception. Federal and state agencies need to make meaningful apples-to-apples comparisons of identity management solutions. Federal leaders should implement clear criteria and policies to further the adoption of performance reporting for identity verification, fraud prevention, and customer service. This includes measuring for accuracy, precision, and security.

This is not a new idea. Just recently, the Government Accountability Office recommended the IRS take this step to verify that its identity provider is meeting critical performance goals in case corrective action is needed.

Finally, policymakers and government agency leaders must fast-track the use of artificial intelligence to fight fraud. The slow adoption of advanced tools for verifying digital identities and preventing fraud is a losing strategy.

Bad actors are using AI-enabled deepfakes and synthetic identities to easily bypass traditional approaches to identity verification. It’s time we take the gloves off and enable government agencies to adopt advanced solutions that use responsible AI to verify good identities. Doing so will stop fraud before it happens.

Federal and state government agencies are under constant attack from nation-states, criminal organizations, and fraudsters who are exploiting cracks in our digital identity infrastructure. Fraud costs the federal government well over the reported $521 billion each year. And victims of identity theft are left to deal with the financially and emotionally devastating impacts.

These attacks also represent a significant national security threat. International criminal groups in China, Russia, Egypt, Poland, and other nations are applying for – and receiving – government services and loans at an unprecedented velocity and scale.

They are hitting multiple agencies at once using the same sophisticated tactics. Many believed pandemic-era attacks such as when a group of Chinese hackers stole at least $20 million in small business loans and unemployment insurance funds from over a dozen states were isolated events

The ugly truth is that this is happening everywhere. New research has shown that 1 in 4 fraud attempts target more than one government agency. This undermines critical infrastructure, erodes public trust, and harms the nation’s economy.

Now, the responsibility is on the Trump administration to put forward a strong national strategy for digital identity that fixes our broken system. There is still time, but the clock is ticking. Every day, our adversaries grow stronger, smarter, and more dangerous.  Yet, our nation does precious little to address the challenge.

Without a bold push to fix digital identity, efforts to strengthen our nation’s cybersecurity is like locking the front door while leaving the back door wide open. 

Jordan Burris was previously the chief of staff to the federal CIO during the first Trump Administration and now serves as head of public sector at Socure.