Identity is the foundation of cyber security
Organizations have become accustomed to logging into the systems they want to protect. Yet, it is striking how little attention Cybersecurity Awareness Month devotes to securing user identities. The reality is that no matter how much is invested in cybersecurity, without robust identity protection, your defenses are fundamentally compromised. Conversely, any strategy that prioritizes secure user identities will always outperform those that do not. So why is securing user identities so often missing from the cybersecurity conversation?
The National Cyber Warfare Foundation (NCWF) operates Cyber Warfare Ranges that are under relentless attack from Advanced Persistent Threats (APTs), hackers, and cybercriminal organizations. We face not only external threats but insider threats as well, with anyone able to visit our ranges across the country and connect to our networks. Since our founding in 2012, it has become clear that attackers are primarily targeting user identities. Given that our foundation is run by volunteers who are continuously learning and refining their cybersecurity skills, how does the NCWF stay secure in a landscape where even the most advanced organizations fall prey to cyber-attacks?
Data from the Ponemon Institute and Cisco Talos reveals that over 80% of breaches involve compromised user credentials. If this is where the majority of cybersecurity risk lies, why isn’t securing user identities a top priority for every organization?
Understanding the Disconnect: Why Securing User Identities is Absent from Cybersecurity Discussions
Identity protocols have not significantly evolved in over 40 years. Most systems still rely on the outdated LDAP protocol, originally designed for telephone directories in the 1970s. Even today’s “modern” single sign-on (SSO) solutions often rely on OAuth 2.0, a protocol with known vulnerabilities that are frequently exploited.
Organizations attempting to address these issues face a myriad of challenges, including poor documentation, discrepancies in protocol implementation, and entrenched legacy systems that resist change. These obstacles create a significant barrier to innovation, making it nearly impossible for most organizations to afford a comprehensive overhaul of their identity systems.
The Impact of Stagnation: Why Securing User Identities Isn't the Highest Priority
With outdated protocols and a lack of innovation, organizations are left feeling that only incremental changes are possible. This sense of resignation allows "identity solution" vendors to thrive, often capitalizing on breaches and incidents by offering reactive solutions that add layers of complexity but do little to address the core issues. For example, many companies implement multi-factor authentication (MFA) in response to breaches. While MFA can make attacks more challenging, it is far from foolproof. Sophisticated attackers have already adapted, finding ways to compromise MFA by targeting administrators or exploiting weaknesses in telecom policies.
The high-profile case of MGM Hotels illustrates this dynamic: attackers bypassed security by targeting MFA administrators, making it even more difficult to remove them once they gained access. This highlights a critical weakness: attackers continuously outspend and out-innovate traditional security measures.
How the NCWF Maintains Security Amid Constant Threats
In 2017, the NCWF faced a critical challenge from evolving privacy regulations like GDPR, forcing us to rethink our approach to identity security. We developed a new system called the Identity Bank, specifically designed to secure user identities while addressing compliance requirements without manual intervention.
This innovation allowed us to consolidate multiple user databases and streamline identity management across various protocols, devices, and systems used in our Cyber Warfare Ranges. By re-engineering common identity protocols from the ground up, we created a system where users only need a single login for everything we operate—from workstations and servers to IoT devices and robotic process automation (RPA) tools.
Our system employs Continuous Adaptive Trust (CAT), a dynamic security model that continuously assesses and adapts to user behavior, making it nearly impossible for attackers to exploit lost or stolen credentials. To demonstrate our confidence, we even publish administrative user credentials at hacker conferences, knowing that the robustness of our identity system renders them useless to attackers.
For instance, “ED209,” named after the robot from RoboCop, is an administrative user on all our systems with the simple password “password.” Despite this, our innovative security measures ensure that compromised credentials do not equate to compromised systems.
Empowering the Future of Cybersecurity Through Identity Innovation
By redefining how we manage user identities, the NCWF empowers its volunteers, from beginners to seasoned experts, to operate securely without the constant fear of identity breaches. Our approach demonstrates that a strong focus on secure user identities can protect against even the most sophisticated cyber threats.
Securing user identities isn’t just another task on the cybersecurity checklist—it’s the foundation upon which all other security measures depend. For organizations that truly want to protect themselves, the message is clear: start with identity, or risk being left vulnerable.
I.T. Security Analyst
1 month ago: Having seen some demos of end user verification products, which could be easily defeated by accessing a user's email... And having the people demonstrating products confirm this, I agree the marketing is concerning. Some of the products in the market are much more security theater than anything else. It's concerning, because these products and companies are being adopted by IT professionals under the assumption they truly solve a problem.
| Product developer|SDR|Digital Ad.| Helping Businesses, Individuals and Companies Scale using the Power of AI Technology | Public Speaker||
1 month ago: So it's a scam then no wonder
Amen.
Helping SMEs automate and scale their operations with seamless tools, while sharing my journey in system automation and entrepreneurship
1 month ago: An ounce of prevention is worth a pound of cure. Proactively protecting credentials can prevent massive security headaches down the line.
Director - CyberSolv
1 month ago: I asked a robot to help me re-write the article. The article has been updated accordingly.