Modern cybersecurity

CISA Official Says Outdated Tech Slowing Federal Adoption of Multi-Factor Authentication

Outdated technologies are holding back federal agencies from fully complying with modern cybersecurity standards, including multi-factor authentication, a homeland security official said.

MFA is a security measure that requires individuals to present two or more types of credentials before being allowed to access an account.

Eric Goldstein, the executive director of cybersecurity at the Cybersecurity and Infrastructure Security Agency, said that a considerable number of agencies are still reliant on old systems that complicate the implementation of MFA, CyberScoop reported Wednesday.

According to Goldstein, MFA could prevent up to 90 percent of all otherwise cyberattacks. He said that a possible way to speed up adoption is for agencies to increasingly shift their budget toward the effort.

The official said that he does not think that it will take years for the government to meet its MFA goals. “Obviously, every agency and every system is going to be unique,” he said on the sidelines of 2022 RSA Conference.

MFA is a key element of President Joe Biden’s May 2021 executive order on strengthening national cybersecurity. The executive order directs federal agencies to regularly report their progress on MFA to CISA and other authorities.

Biden is currently calling on appropriators to add dollars to the Technology Modernization Fund, a government-wide loans program that agencies may tap into to fund modernization and cybersecurity projects.

Industry groups have also urged appropriators to meet or exceed the president’s request to add $300 million to TMF.