How DOJ Uses ICAM to Fight Fraud
The Office of Justice Programs is using identity, credential, and access management to reduce fraud in federal grants.
The Office of Justice Programs (OJP) needs to ensure the right grants make it to the right people, and identity, credential and access management solutions (ICAM) create a crucial gateway to applicants and awardees.
“Law enforcement officers — and community programs and their officers — they don’t have a lot of time to go through arduous processes,” said Jaime Noble, OJP Deputy Director for IT Security and Deputy Chief Information Security Officer at an FCW event Tuesday. “But we need to make sure that, as stewards of federal dollars, we are giving money to people who are who they say they are.”
To implement ICAM solutions, Noble needed buy-in from department leadership. She explained how an ICAM system would support business processes in addition to securing DOJ’s digital infrastructure.
“There’s only so much money to go around, but I think that presenting security as a business case and really outlining how implementing an identity and access management system — implementing any other aspect of the executive order [on improving the nation’s cybersecurity] — how that is going to benefit the mission and the business,” she said.
Now, OJP uses ICAM solutions to vet system users and ensure the proper awardees access federal funding.
“One thing that we get audited on every year is fraud, waste and abuse,” Noble said. “Who is getting access to this money? Is it the right amount of money? And also the confidentiality of the data in our system, the integrity of that system, the availability of it. … We want these funds to go to specific organizations and entities for very specific purposes. And so to that end, identity and access governance really is the gatekeeper of that.”
But ICAM solutions can hinder mission delivery if they introduce too much user friction, Noble added.
“Maybe there are some risk-based decisions that we need to make,” she said. “Let’s say you have a role of a state governor accepting an award. If the two or three times a year you have to log in to the system you have to go through eighteen checks just to get it there to accept that award, that causes a lot of friction. What that ends up setting up is that their assistant or their deputy maybe has the password and the login information. That’s something, from a security perspective, that we really don’t want to happen.”
OJP is currently collecting data on when people run into issues — whether they’re having trouble with password recollection, MFA access, entity administrators, or other hurdles — and working to increase efficiency and enhance the user experience.
“If the system is slowing down and people can’t use it, it doesn’t really matter what security we’re putting on there,” Noble said. “Because that’s really what [user’s] care about, is their mission.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Looking Back at the First Trump Administration's Tech Priorities
In his first term, Donald Trump supported cybersecurity, space policy and artificial intelligence development.
4m read -
Securing the Expanding Attack Surface in Cyberspace
Agencies undergoing digital transformation face a more intricate threat landscape and a wider threat target for adversaries looking to exploit vulnerabilities. This panel dives into strategies agencies are undertaking to safeguard these complex environments, including zero-trust architecture, vigilant monitoring and robust cybersecurity training.
30m watch -
Elevating Cybersecurity in the Intelligence Community
The Intelligence Community is developing strategies to protect data and strengthen resiliency against emerging cyber threats.
30m watch -
AI Revolutionizes Cybersecurity by Doing What Humans Cannot
Leaders from NSA, GAO and industry say that artificial intelligence can augment the cybersecurity workforce, but the work must be auditable and explainable.
4m read