Global: Updated US Cybersecurity Plan Revisits Digital Identity, But Offers Few Innovations

The U.S. government has unveiled the second iteration of its National Cybersecurity Strategy Implementation Plan (NCSIP), bringing digital identity back into focus, albeit with limited advancements.

In a White House press release, the updated roadmap highlights measures aimed at enhancing the national cybersecurity posture, including “high-impact Federal initiatives” designed to bolster collective digital security and systemic resilience.

Strategic Objective 4.5, titled “Support Development of a Digital Identity Ecosystem,” pledges federal investment in “robust, verifiable digital identity solutions” that prioritize security, accessibility, interoperability, financial and social inclusion, consumer privacy, and economic growth.

Specifically, the plan entrusts the National Institute of Standards and Technology (NIST) with the responsibility of advancing research and guidance to foster innovation in the digital identity ecosystem through collaborative efforts between the public and private sectors. This may encompass the publication of digital identity guidelines, assessment of facial recognition technology, and delineation of considerations for Attribute Validation Services. The initiative builds upon the NIST-led digital identity research program authorized in the CHIPS and Science Act, with a focus on fortifying digital credentials, conducting foundational research, updating standards and guidelines to ensure interoperability, and developing transparent and accountable digital identity platforms.

However, critics have observed that the language of the objective largely suggests a continuation of existing strategies. Jeremy Grant, a user on X/Twitter, notes that “Digital identity has magically reappeared in the new version of the White House National Cybersecurity Strategy implementation plan,” after being overlooked in the initial version. However, he points out that “the only thing it says is that NIST should keep doing what it has been doing for years. Which will not be enough.”

The original NCSIP, endorsed by President Joe Biden in March 2023 and published in July 2023, outlined 36 initiatives slated for completion by the second quarter of fiscal year 2024, of which 33 have been fulfilled. The updated plan introduces 31 new initiatives, with six agencies assuming leadership roles for the first time.

The cybersecurity strategy of the Biden-Harris administration rests on four pillars: safeguarding critical infrastructure, disrupting and neutralizing threat actors, shaping market dynamics to bolster security and resilience, and investing in resilient next-generation technologies and infrastructure.