Entrust’s Mark Joynes spoke today at the first INTERPOL Information Security Conference (IISC) in Hong Kong. The three-day event, co-hosted by INTERPOL and the Hong Kong Police, addresses the importance of specific solutions that help solve critical border security challenges and defend against advanced malware attacks.
His presentation, “Strong Identity as the Foundation of Critical Infrastructure Protection,” centered on strength of identity and the need for identity-based security for preparedness, detection and response to cyber- and critical-infrastructure protection.
Joynes, Entrust’s director of product management, explained how strong identity-based solutions are critical for proper global border control. Much like the sophisticated schemes used to steal identities for perpetrating fraud in online banking, there are advanced schemes to steal or manufacture identities in the passport world.
The proper approach for strong border control is to form a tight binding between the individual and the document representing their identity. This helps provide a high assurance that the individual is actually the claimed identity. In fact, the true value is not in the identity itself, but rather the validation of that identity.
Governments, regulatory bodies and security vendors have collaborated on methods for securing identity documents. From first-generation basic access control (BAC) ePassports to second-generation extended access control (EAC) documents, steps are being made to strengthen the validation of identities.
This strategy of using identity-based security doesn’t stop there, however. His presentation also focused on the growth of malware attacks — man-in-the-browser Trojans such as Zeus, SilentBanker and Clampi — and how traditional usernames and passwords, along with many forms of strong authentication, are insufficient to protect against today’s advanced threats.
Whether to defend against simple phishing, man-in-the-middle or the popular man-in-the-browser malware threat, identity-based security solutions are required to properly thwart these attacks.
Look for more from Joynes on his INTERPOL presentation in the coming weeks.