Join “Identity in Conflict” (June 21) to help the Ukrainian situation

On June 21, I will be hosting a workshop titled “Identity in Conflict” at Identiverse.

Identity in Conflict

  • Tuesday, June 21, 11:30 am – 12:20 pm MDT
  • In times of instability and uncertainty, the reliability and trustworthiness of our identity systems become especially important. This workshop examines two areas in particular—identity management for displaced people, and the protection of government identity systems—and seeks to establish some ground rules to ensure that critical identity systems are robust and fit for purpose.

This session was realised after I proposed it to the organisers in response to the Ukrainian invasion that began on 24 February this year. I can only thank the organisers for squeezing it into a programme that was already full.

The challenges of identity in conflict can be broadly divided into two main categories

  1. Identity Management of the displaced people 
    1. how to provide aid and other services (e.g. banking) to them
    2. how to protect them from targeted misinformation to the displaced and the people surrounding them
  2. Identity Management of the government systems
    1. how to fight off and protect their system from the enemy attack
    2. continuity strategy

Identity Management of the displaced people

Ukrainian woman holds her three children all sad from being forced to flee their home country and become refugees.

Topic #1 alone spreads many aspects of identity management. For example,

  • Identity proofing of displaced people. 
    • Core identity attributes; 
    • Information needed to establish necessary accounts (e.g., bank, phone, electricity, house)  at the new locations
    • Qualifications that are useful to re-establish their living in the new location (e.g., degree, diploma, etc.)
  • Targeted attacks towards vulnerable populations (by filtering them using collected/observed attributes)
    • Targeted Mis/Dis-information
      • This can happen both to the displaced people as well as the people in the area accepting the former. 
    • Other Targeted Attacks
  • Attacks against aid agencies
    • Getting aid by misrepresentation/masquerading
    • Infiltrating as a refugee
  • Scenarios to be taken into account: 
    • Refugees at supporter’s homes
    • Refugee camps
    • Oppressed or “forgotten” population within a country

are just some of them.

Identity Management of the government systems

Then topic #2 is another huge subject.

Since the invasion started, we have seen a 3000% increase in phishing attacks against the Ukrainian Government. In response, Yubico sent 20,000 Yubikey but that is not the end of the story. Many systems only accept smartcards with the GOST (Russian version of NIST) algorithm. This, combined with information from certain sources that almost all government systems have already been hacked, gives a lot to think about.

In this workshop, we are lucky to have someone fighting against aggression flying in from Ukraine. As such, I will devote most of the 50 minutes to topic #2 and will only mention the issues around #1 at the beginning, hoping that we can continue the discussion throughout the conference and after.

If you are going to be at the Identiverse 2022, please join the session.

Updates

Unfortunately, Oleg did not get permission to leave Ukraine so he could not come but John Bradely from Yubico filled in.

The slides I used is here:

The site Yuri announced at the end of the panel: Helping to defend Ukraine cyberspace

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.