National Strategy for Trusted Identities in Cyberspace

Slides:



Advertisements
Similar presentations
NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity.
Advertisements

1 National Strategy for Trusted Identities in Cyberspace Identity in Cyberspace: Improving Trust via Public-Private Partnerships Jeremy Grant Senior Executive.
IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair
The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA) UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT.
Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.
1 National Strategy for Trusted Identities in Cyberspace National Strategy for Trusted Identities in Cyberspace Jeremy Grant NIST.
Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.
Chief Information Officer Branch Gestion du dirigeant principal de l’information “We will have a world class public key infrastructure in place” Prime.
Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,
The Business of Identity Management Barry R. Ribbeck Director Systems Architecture & Infrastructure Rice University
Social Security  1935 – Retirement Insurance  1939 – Survivors Insurance  1956 – Disability Insurance History of Social Security.
Bill Newhouse Program Lead National Initiative for Cybersecurity Education Cybersecurity R&D Coordination National Institute of Standards and Technology.
BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
Government of CanadaGouvernement du Canada Service Transformation through Government On-Line Helen McDonald Director General, Office of the Chief Information.
1 International Forum on Trade Facilitation May 2003 Trade Facilitation, Security Concerns and the Postal Industry Thomas E. Leavey Director General, UPU.
1 National Strategy for Trusted Identities in Cyberspace Identity in Cyberspace: Improving Trust and Driving Business via Public- Private Partnerships.
1 National Strategy for Trusted Identities in Cyberspace Identity in Cyberspace: Improving Trust via Public-Private Partnerships Jeremy Grant and Naomi.
1 National Strategy for Trusted Identities in Cyberspace Identity in Cyberspace: Improving Trust via Public-Private Partnerships Jeremy Grant Senior Executive.
1 Identity and Transparency ( Bridging the GAPS of Governance Bridging the GAPS of Governance in eGov Initiatives in eGov Initiatives )‏ Badri Sriraman.
BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT
TFTM Interim Trust Mark/Listing Approach Paper Analysis of Current Industry Trustmark Programs and GTRI PILOT Approach Discussion Deck TFTM Committee.
1 National Strategy for Trusted Identities in Cyberspace National Strategy for Trusted Identities in Cyberspace Jeremy Grant NIST April 6, 2011.
State Alliance for e-Health Conference Meeting January 26, 2007.
Federated or Not: Secure Identity Management Janemarie Duh Identity Management Systems Architect Chair, Security Working Group ITS, Lafayette College.
1 The Federal Shared Youth Vision Partnership A Federal Partnership between the Corporation for National community Service;
State HIE Program Chris Muir Program Manager for Western/Mid-western States.
JOINING UP GOVERNMENTS EUROPEAN COMMISSION Establishing a European Union Location Framework.
Cloud Computing, Policy Management and Standardization Europe Identity Conference 2011 John Sabo, Director Global Government Relations, CA Technologies.
Scalable Trust Community Framework STCF (01/07/2013)
National Cybersecurity Center of Excellence Increasing the deployment and use of standards-based security technologies Mid-Atlantic Federal Lab Consortium.
NSTIC and the Identity Ecosystem Jim Sheire Senior Advisor NSTIC National Program Office, NIST 14 November 2012.
Electronic Clinical Quality Measures – Session #1 ONC Resource Center.
Protecting Yourself from Fraud including Identity Theft Personal Finance.
Medicaid/SCHIP Technical Assistance for Health IT/HIE 2008 AHRQ Annual Conference Presented by: Linda Dimitropoulos, RTI International.
The Value of Creating the Identity Ecosystem. The Identity Ecosystem Steering Group (IDESG) is the source of expertise, guidance, best practices and tools.
19-20 October 2010 IT Directors’ Group meeting 1 Item 6 of the agenda ISA programme Pascal JACQUES Unit B2 - Methodology/Research Local Informatics Security.
Preparing to Implement HITECH A New Report from the State Alliance For E-Health Ree Sailors Kentucky e-Health Summit September 16, 2009.
© DataCard Corporation. All rights reserved. TRENDS IN eGOVERNMENT Drivers, applications and technologies.
EUROPEAN SECURITY POLICY A SNAPSHOT ON SURVEILLANCE AND PRIVACY DESSI WORKSHOP, CPH 24 JUNE 2014 Birgitte Kofod Olsen, Chair Danish Council for Digital.
A Brief Introduction Radiant Pay, a global provider of payment processing services to all kinds of business, Radiant Pay Services.
Sachin H. Jain, MD, MBA Office of the National Coordinator for Health IT United States Department of Health and Human Services The Nation’s Health IT Agenda:
The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.
E-Authentication Guidance Jeanette Thornton, Office of Management and Budget “Getting to Green with E-Authentication” February 3, 2004 Executive Session.
Combating Identity Fraud In A Virtual World
NATIONAL e-STRATEGY Presentation to the Portfolio Committee on Telecommunications & Postal Services DG: ROBERT NKUNA AUGUST 2017 Building a better life.
Identity on the Internet
Update from the Faster Payments Task Force
Emerging Payments Market Developments: Trends and Risks James Van Dyke, President and Founder Presented at the Federal Reserve Bank of Atlanta, November.
Innovative Solutions from Internet2
Higher Education’s Role in the Identity Ecosystem
E-BANKING RISK MANAGEMENT
Understanding Credit Reports Essentials Advanced Level
NSF INCLUDES – DESIGN AND DEVELOPMENT LAUNCH PILOTS
National Strategy for Trusted Identities in Cyberspace Jeremy Grant
HOSTED BY IN PARTNERSHIP WITH SUPPORTED BY Barcelona iCapital 2015.
Protecting the Integrity of Federal Payments
Standards for success in city IT and construction projects
8 Building Blocks of National Cyber Strategies
VERMONT INFORMATION TECHNOLOGY LEADERS
National Cyber Strategy Preparedness: 8 Preparatory Questions
Cyber Security and Consumer Financial Transactions Data Security
Internet Interconnection
An Industry Perspective Nicole Denjoy COCIR Secretary General
Olli-Pekka Rissanen HRWG, Helsinki 11th September 2006
Protecting Yourself from Fraud including Identity Theft
Electronic Services from a School's Perspective PESC Annual Conference on Standards in Higher Education Judith Nemerovski Flink Director of Student Financial.
Olli-Pekka Rissanen Troika Secretariat, Helsinki 17th July 2006
Protecting Yourself from Fraud including Identity Theft
Current and Emerging Trends in the Insurance Sector
Jeremy Grant Coordinator Better Identity Coalition
Presentation transcript:

National Strategy for Trusted Identities in Cyberspace David Sinclair

What is NSTIC? Called for in President’s Cyberspace Policy Review (May 2009): a “cybersecurity focused identity management vision and strategy…that addresses privacy and civil-liberties interests, leveraging privacy-enhancing technologies for the nation.” Guiding Principles Privacy-Enhancing and Voluntary Secure and Resilient Interoperable Cost-Effective and Easy To Use NSTIC calls for an Identity Ecosystem, “an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities.” 7/3/2019

Fraud Statistics Identity Theft / Fraud Statistics Data Average number of U.S. identity fraud victims annually 11,571,900 Percent of U.S. households that reported some type of identity fraud 7 % Average financial loss per identity theft incident $4,930 Total financial loss attributed to identity theft in 2013 $21 billion Total financial loss attributed to identity theft in 2010 $13.2 billion Percent of Reported Identity Thefts by Type of Fraud Percent Reported Misuse of Existing Credit Card 64.1 % Misuse of Other Existing Bank Account 35 % Misuse of Personal Information 14.2 %

Head of Household Characteristic that Experienced Identity Theft Percent in Category The following represents the demographic of the head of household for which the fraud was reported. The corresponding percent is the total percent that reported a fraud inside the specific category. Age   18 – 24 8.5 % 25 – 34 7.6 % 35 – 49 7.9 % 50 – 64 7.3 % 65 + 4.3 % Race White Black / African American 5.2 % Hispanic 5.8 % American Indian / Alaska Native 6.1 % Asian / Hawaiian / Pacific Islander Two or More Races 11.6 % Marital Status Married 8 % Not Married 6 % Household Income - $7,500 5.3 % $7,500 – $14,999 4.8 % $15,000 – $24,999 4.6 % $25,000 – $34,999 6.0 % $35,000 – $49,999 6.6 % $50,000 – $74,999 $75,000 + 12.3 %

The Problem Today Usernames and passwords are broken Most people have 25 different passwords, or use the same one over and over Even strong passwords are vulnerable…criminals have many paths to easily capture “keys to the kingdom” Rising costs of identity theft 11.6M U.S. victims (+13% YoY) in 2011 at a cost of $37 billion 67% increase in # of Americans impacted by data breaches in 2011 (Source: Javelin Strategy & Research) A common vector of attack Sony Playstation, Zappos, Lulzsec, LinkedIn, among dozens of 2011-12 breaches tied to passwords. 7/3/2019

The Problem Today Identities are difficult to verify over the internet Numerous government services still must be conducted in person or by mail, leading to continual rising costs for state, local and federal governments Electronic health records could save billions, but can’t move forward without solving authentication challenge for providers and individuals Many transactions, such as signing an auto loan or a mortgage, are still considered too risky to conduct online due to liability risks 7/3/2019

The Problem Today Privacy remains a challenge Individuals often must provide more personally identifiable information (PII) than necessary for a particular transaction This data is often stored, creating “honey pots” of information for cybercriminals to pursue Individuals have few practical means to control use of their information 7/3/2019

Trusted Identities Provide a Foundation Economic benefits Improved privacy standards Enhanced security TRUSTED IDENTITIES Enable new types of transactions online Reduce costs for sensitive transactions Improve customer experiences Offer citizens more control over when and how data is revealed Share minimal amount of information Fight cybercrime and identity theft Increased consumer confidence 7/3/2019

January 1, 2016 Privacy-enhancing Secure Interoperable The Identity Ecosystem: Individuals can choose among multiple identity providers and digital credentials for convenient, secure, and privacy-enhancing transactions anywhere, anytime. Privacy-enhancing Secure Interoperable Cost-effective and easy to use Apply for mortgage online with e-signature Online shopping with minimal sharing of PII Trustworthy critical service delivery Secure Sign-On to state website Security ‘built-into’ system to reduce user error Privately post location to her friends 7/3/2019

What Does NSTIC Call For? Private sector will lead the effort Federal government will provide support Not a government-run identity program Private sector is in the best position to drive technologies and solutions… …and ensure the Identity Ecosystem offers improved online trust and better customer experiences Help develop a private-sector led governance model Facilitate and lead development of interoperable standards Provide clarity on national policy and legal framework around liability and privacy Fund pilots to stimulate the marketplace Act as an early adopter to stimulate demand 7/3/2019

Key Implementation Steps Created an Identity Ecosystem Steering Group: Summer 2012 http://www.idecosystem.org/ NIST awarded 2-year grant to fund a privately-led Steering Group to convene stakeholders and craft standards and policies to create an Identity Ecosystem Framework Convene the Private Sector 5 pilots totaling $9.2M awarded September, 2012 Challenge-based approach focused on addressing barriers the marketplace has not yet overcome New FFO for 2013 pilots has 13 finalists; second FFO focused on states and government services Continued Support for Pilots Ensure government-wide alignment with the Federal Identity, Credential, and Access Management (FICAM) Roadmap New White House initiated effort to create a Federal Cloud Credential Exchange (FCCX) Government as an early adopter to stimulate demand 7/3/2019

FFO 2013-NIST-NSTIC-03 Purpose To support the study, evaluation, and increase in public knowledge about the pilots awarded through Federal Funding Opportunity 2013-NIST-NSTIC-02 NSTIC Pilots: Trusted Online Credentials for Accessing Government Services Cooperative Agreement Program. (More information on this FFO is available at http://www.nist.gov/nstic/20130415-20130411-2013-NIST-NSTIC-02FFO.pdf ). 7/3/2019

Partnership Fund for Program Integrity Innovation The Partnership Fund seeks innovative ideas for improving the stewardship of federal dollars to create an efficient, effective government model for the 21st century. Using funds appropriated by Congress, the Partnership Fund funds pilot projects and evaluations that test ideas for improving Federal Assistance Programs (e.g., SNAP, Medicaid) that are administered in cooperation with the states, or where Federal- state cooperation could otherwise be beneficial. Website: http://www.partner4solutions.gov/ 7/3/2019

Partnership Fund Success Measures Reducing improper payments Improving administrative efficiency Improving service delivery Protecting and improving program access for eligible beneficiaries 7/3/2019

References 2013-NIST-NSTIC-03: National Strategy for Trusted Identities in Cyberspace (NSTIC) Cooperative Agreement Program for the Evaluation of Pilots Using Trusted Online Credentials for Accessing Government Services Applicant's Webinar, Thursday, June 6, 2013, PowerPoint Presentation (PPTX) http://www.statisticbrain.com/identity-theft-fraud-statistics/

Thoughts / Questions Questions ???