Encouraging ENISA to Act
I sent the following message to ENISA (The European Union Agency for Cybersecurity) -
It is very nice to hear that you are ready to listen to me further even though I am not an EU citizen.
I wrote to ENISA because EU is the centre of gravity of global cybersecurity for the reason that every security professional knows too well. Whatever ENISA does and does not would have a huge impact all over the rest of the world.
First of all, I would like to see you respect logic, only logic, being not influenced by the history, authority and reputation of loud big known players or the prejudice and bias about small unknown players. Please follow logic only.
Well, let me summarise our proposition again as follows.
1. Our digital identity is weak. Alarmingly we are witnessing the already weak identity security being further weakened from within by the people who are presumably trapped in a cognitive pitfall, if not by a deliberate cyber sabotage.
2. Doing nothing to improve the weak security is one thing. Doing nothing to stop the already weak security from being further weakened is another. We should first focus on the latter now.
3. In view of the above, ENISA could issue a statement to the effect that ‘Passwordless’ and ‘Biometrics’ authentication schemes could be deployed where ‘Availability and Convenience’ matters more than ‘Identity Security’, but should not be deployed where ‘Identity Security’ matters more than ’Availability and Convenience’.
It is especially imperative that government agencies and organisations that need to handle classified information, certainly with defence forces included, must keep away from the passwordless and biometrics authentication schemes without any exceptions.
The rationale of this proposition was provided in my earlier messages. More discussions are collected here — “LOSS of Security Taken for GAIN of Security” https://www.linkedin.com/pulse/loss-security-taken-gain-hitoshi-kokumai/
4. I wish that you will act sooner than later; I do not believe that our adversaries will be happy to halt their operations while we are off.
…………………………………………………..
in reply to ENISA’s message to me reading -
In light of the information you conveyed, we would like to ask if you could explain to us what the threat is in your opinion and what the solution(s) could be. What would you expect ENISA to do in this respect?
Obviously, we would very much welcome your good practices or those you possibly share with other countries and continents such as Japan if that is the case.
The topic is of course very relevant to our mandate and we could set up a call with you to discuss the suggested ideas. However, we could only envisage such call in January or February next year as we have entered the end-of year closing activities making it a very busy period for us right now.
As an European Union agency, ENISA does not normally engage with non-EU experts. Regardless, we would still be glad to assess your input.
………………………………………………………………………………
The above message from ENISA was a response to my following message sent out a few days earlier -
It is quite some time since I started to provide information on the peril of “passwordless” authentication schemes. I am now getting really puzzled by your silence.
In view of The European Commission’s recent proposition on a cyber defense policy, I have now published a fresh message on this issue — “Terrifying Silence of Security Organisations”
I wish that ENISA is not taking the course towards being one of them.
PS Your experts might, by any chance, be interested in these posts -
“I support Passwordless Authentication where Convenience Matters More than Security”
“I support Biometrics as a Technology”
…………………………………………………
It is encouraging to see ENISA paying a further attention to our discussion. I do wish that it will lead to ENISA’s decisive action to rectify the current chaotic and perilous situation that is only benefitting the adversaries of democracy.
Website — https://www.mnemonicidentitysolutions.com/
Digital identity blogs collected at https://www.linkedin.com/pulse/collection-digital-identity-comments-hitoshi-kokumai-posted-kokumai/
