According to the Cyber Threat Observatory from the UK’s Alan Turing Institute, it found that incidents related to digital identity have noticeably increased. This surprise comes from their new report. On June 19, 2024, an environmental justice workshop provided an opportunity to workshop these report findings. What it unearthed was a highly alarming trend of increasing Common Vulnerabilities and Exposures (CVEs) related to digital identity systems. The workshop was held remotely over Zoom. All of these sessions featured industry leaders and country partners, including delegates from Argentina, Sri Lanka, and Zambia, providing dynamic presentations. Our conversations focused primarily on the major takeaways and new trends described in the Observatory’s 2023 report on National Identity Systems.

The Cyber Threat Observatory report was just one piece of the evidence showing a rapid increase in danger around the area of digital identities. Increasing risk comes from the increasing adoption of digital identity solutions. As more people adopt these solutions, they are more exposed to cyber threats. The report emphasizes the immediate imperative to secure our technological and cyber systems.

The number of CVEs associated with digital identity systems has exploded. Originally set at 290 in 2020, the number has almost doubled to 569 per year by 2024. This dramatic uptick is indicative of an expanding attack surface that requires urgent attention and proactive security approaches.

CVEs on the Rise

The report indicated that the number of CVEs associated with Digital ID systems increased steadily from early 2020 through mid-2023. To be clear, there were rocky stretches of volatility during this period. Beginning in late 2023, the report found a significant uptick in CVEs’ rapid pace, pointing to a distressing new trend.

This year-on-year acceleration indicates that cybercriminals are finding more ways to attack and compromise digital identity systems. They have been actively trying to exploit vulnerabilities to gain unauthorized access to sensitive information, such as personally identifiable information (PII). As digital ID systems are adopted and commingled into more facets of everyday life, ensuring the security of these systems will be critical.

The rise in CVEs is indicative of the evolving attack surface posed by digital identity infrastructure. As more services and platforms rely on digital identities for authentication and authorization, the potential for exploitation expands, necessitating enhanced security measures and vigilance.

Workshop Highlights Key Insights

On June 19, we hosted a day-long workshop. It offered an opportunity to talk through how those profound findings could be used to inform strategies to reduce the newly recognized dangers. Transportation experts from all sectors met to discuss the report’s data and come up with solutions that are possible. Ultimately, the event helped spark the important continuous collaboration and knowledge exchange needed to spur further momentum among stakeholders.

and country partners from Argentina, Sri Lanka, and Zambia offered their expertise and insights. During their session, they tackled the challenges and opportunities in securing digital identity systems and their underlying infrastructures. Their amazing experiences and insights gave a global context to the report’s findings, illustrating the different approaches and experiences taking place around the world.

The workshop concluded that this is only possible through effective international cooperation in defending against cyber threats, especially given the growing threat to digital identity systems. It’s through this cooperative engagement that the development of best practices and standards are informed. These enhancements will greatly increase the security and resilience of our nation’s systems and systems around the world.

Implications of Compromised Digital Identities

Identity systems now function as “amplifiers of risk” since their compromise can spread across service layers, affecting healthcare access, financial authorisations, and legal documentation processes.

The implications of compromised digital identities are far reaching beyond each individual data breach. This is especially true when they do have cascading effects across multiple sectors, disrupting critical services and eroding public confidence. Protecting these emergent digital identity systems is thus an imperative for protecting the integrity of critical infrastructure and by extension, societal stability.

A successful Physical vector compromise can undermine the trustworthiness at the root of an identity ecosystem, reversing the validity of every transaction, signature or claim derived from it. - The Turing Institute

The quote illustrates the danger that having a single point of failure could open up the entire system to compromise. This further highlights the importance of having strong security measures from end to end within the digital identity ecosystem.

Improvements in one sector’s security, such as “hardened” digital ID protocols, could benefit other sectors’ security.

This collective strategy is key to developing a more secure and more resilient digital identity ecosystem.