1 National Strategy for Trusted Identities in Cyberspace National Strategy for Trusted Identities in Cyberspace Jeremy Grant NIST.

Slides:

Advertisements

Similar presentations

Manatt manatt | phelps | phillips New York State Health Information Technology Summit Initiative Overview and Update Rachel Block, Project Director United.

Advertisements

Presentation to WTO/CTD Seminar on e-commerce Richard Bourassa Director, International Policy Director, International Policy Electronic Commerce Branch.

1 The Challenges of Creating an Identity Management Infrastructure for the University of California David Walker Karl Heins Office of the President University.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

1 National Strategy for Trusted Identities in Cyberspace Identity in Cyberspace: Improving Trust via Public-Private Partnerships Jeremy Grant Senior Executive.

Campus Based Authentication & The Project Presented By: Tim Cameron National Council of Higher Education Loan Programs.

IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair

Digital public services and innovation

Chief Information Officer Branch Gestion du dirigeant principal de l’information “We will have a world class public key infrastructure in place” Prime.

18/05/99 FAMO- MODELO /05/99 FAMO- MODELO REGIONAL HIGH-LEVEL WORKSHOP ON ELECTRONIC COMMERCE AND ICT FOR CENTRAL AMERICA AND THE CARIBBEAN.

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,

Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.

National Strategies for Digital Identity Management UNCITRAL Colloquium on Electronic Commerce February 2011, New York Laurent Bernat – OECD Secretariat.

Federating Identity Management in the Government of Canada Identity North Conference November 20 th 2012 Presented by: Rita Whittle Senior Director, Cyber.

World Bank and Community Foundations « Think Globally, Act Locally »

1 May 2006 … Identity management - Internet - Data controller - PKI - Vulnerabilities - Fingerprint - Critical Information Infrastructure - Privacy and.

Understanding the Value of Identity in Government Social Networking A Framework of Identity Trust in Government Social Networking September 4, 2015.

Bill Newhouse Program Lead National Initiative for Cybersecurity Education Cybersecurity R&D Coordination National Institute of Standards and Technology.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

1 International Forum on Trade Facilitation May 2003 Trade Facilitation, Security Concerns and the Postal Industry Thomas E. Leavey Director General, UPU.

1 National Strategy for Trusted Identities in Cyberspace Identity in Cyberspace: Improving Trust and Driving Business via Public- Private Partnerships.

1 National Strategy for Trusted Identities in Cyberspace Identity in Cyberspace: Improving Trust via Public-Private Partnerships Jeremy Grant and Naomi.

1 National Strategy for Trusted Identities in Cyberspace Identity in Cyberspace: Improving Trust via Public-Private Partnerships Jeremy Grant Senior Executive.

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

TFTM Interim Trust Mark/Listing Approach Paper Analysis of Current Industry Trustmark Programs and GTRI PILOT Approach Discussion Deck TFTM Committee.

A DESCRIPTION OF CONCEPTS AND PLANS MAY 14, 2014 A. HUGHES FOR TFTM The Identity Ecosystem DISCUSSION DRAFT 1.

TFTM TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state November.

1 National Strategy for Trusted Identities in Cyberspace National Strategy for Trusted Identities in Cyberspace Jeremy Grant NIST April 6, 2011.

World summit on the information society 1 Pierre Gagné International Telecommunication Union March 2004 WSIS Follow-up Building the Information Society:

State Alliance for e-Health Conference Meeting January 26, 2007.

1 The Federal Shared Youth Vision Partnership A Federal Partnership between the Corporation for National community Service;

John Grant Chief General Manager National Office for the Information Economy Canberra, Australia The Government OnLine Strategy.

E-Authentication: Enabling E-Government Presented to PESC May 2, 2005 The E  Authentication Initiative.

E-Authentication: Simplifying Access to E-Government Presented at the PESC 3 rd Annual Conference on Technology and Standards May 1, 2006.

1 The Federal Shared Youth Vision Partnership A Federal Partnership between the United States Departments of Education, Health.

Cloud Computing, Policy Management and Standardization Europe Identity Conference 2011 John Sabo, Director Global Government Relations, CA Technologies.

Public Works and Government Services Canada Travaux publics et Services gouvernementaux Canada Brenda Watkins Director Policy and Business Strategies Information.

Digital Agenda Unleashing the Potential of Cloud Computing in Europe Ken Ducatel Head of Unit DG Connect, Software and Services, Cloud 05 December 2012.

Better Care, Lower Costs Value-Driven Health Care Gordon Woodrow Regional Director U.S. Department of Health and Human Services.

© Cloud Security Alliance, 2015 Jim Reavis CEO, Cloud Security Alliance.

Scalable Trust Community Framework STCF (01/07/2013)

National Cybersecurity Center of Excellence Increasing the deployment and use of standards-based security technologies Mid-Atlantic Federal Lab Consortium.

1 Support For Research & National Identity Snapshot Jim Leous, Penn State Ann West, Internet2/InCommon Federation.

NSTIC and the Identity Ecosystem Jim Sheire Senior Advisor NSTIC National Program Office, NIST 14 November 2012.

Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

Moving the National Health Information Technology Agenda Forward The Fourth Health Information Technology Summit March 28, 2007 Robert M. Kolodner, MD.

Project Presentation to: The Electronic Access Partnership July 13, 2006 Presented by: Tim Cameron, Meteor Project Manager The.

Protecting Yourself from Fraud including Identity Theft Personal Finance.

The Value of Creating the Identity Ecosystem. The Identity Ecosystem Steering Group (IDESG) is the source of expertise, guidance, best practices and tools.

19-20 October 2010 IT Directors’ Group meeting 1 Item 6 of the agenda ISA programme Pascal JACQUES Unit B2 - Methodology/Research Local Informatics Security.

CAREER PATHWAYS THE NEW WAY OF DOING BUSINESS. Agenda for our Discussion Today we’ll discuss: Career Pathways Systems and Programs Where we’ve been and.

1 An Overview of Process and Procedures for Health IT Collaboration GSA Office of Citizen Services and Communications Intergovernmental Solutions Division.

Preparing to Implement HITECH A New Report from the State Alliance For E-Health Ree Sailors Kentucky e-Health Summit September 16, 2009.

Progress Report on the U.S. NSTIC Efforts Jack Suess – Delegate for Research, Development, Education & Innovation

EUROPEAN SECURITY POLICY A SNAPSHOT ON SURVEILLANCE AND PRIVACY DESSI WORKSHOP, CPH 24 JUNE 2014 Birgitte Kofod Olsen, Chair Danish Council for Digital.

HHS Security and Improvement Recommendations Insert Name CSIA 412 Final Project Final Project.

The Future Digital Identity Landscape in Europe Timothée Mangenot, chairman 14th of December, 2015 ACSIEL partners day.

The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.

E-Authentication Guidance Jeanette Thornton, Office of Management and Budget “Getting to Green with E-Authentication” February 3, 2004 Executive Session.

Cyber Security – An Existential Threat? (IIC, Singapore)

Update from the Faster Payments Task Force

Higher Education’s Role in the Identity Ecosystem

National Strategy for Trusted Identities in Cyberspace Jeremy Grant

HOSTED BY IN PARTNERSHIP WITH SUPPORTED BY Barcelona iCapital 2015.

National Cyber Strategy Preparedness: 8 Preparatory Questions

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

Legal Framework for Civil Registration, Vital Statistics

National Strategy for Trusted Identities in Cyberspace

Jeremy Grant Coordinator Better Identity Coalition

Presentation transcript:

1 National Strategy for Trusted Identities in Cyberspace National Strategy for Trusted Identities in Cyberspace Jeremy Grant NIST

2 National Strategy for Trusted Identities in Cyberspace Called for in President’s Cyberspace Policy Review (May 2009): a “cybersecurity focused identity management vision and strategy…that addresses privacy and civil-liberties interests, leveraging privacy-enhancing technologies for the nation.”” Guiding Principles Privacy-Enhancing and Voluntary Secure and Resilient Interoperable Cost-Effective and Easy To Use NSTIC calls for an Identity Ecosystem, “an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities.” What is NSTIC?

3 National Strategy for Trusted Identities in Cyberspace Usernames and passwords are broken Most people have 25 different passwords, or use the same one over and over Even strong passwords are vulnerable…criminals can get the “keys to the kingdom” Rising costs of identity theft – 123% increase in financial institution Suspicious Activity Reports in last 6 years (FINCEN) – 11.7 million est. victims over 2 years (BJS, 2008) – $17.3 billion est. cost to economy over 2 years (BJS, 2008) Cybercrime is also on the rise – Incidents up 22% from 2009 to 2008 (IC3 report) – Total loss from these incidents up 111%, to $560 million. The Problem Today

4 National Strategy for Trusted Identities in Cyberspace The Problem Today Source: 2011 Data Breach Investigations Report, Verizon and USSS

5 National Strategy for Trusted Identities in Cyberspace No Seriously, There’s a Problem Today

6 National Strategy for Trusted Identities in Cyberspace There’s a Problem Today, Travel Edition

7 National Strategy for Trusted Identities in Cyberspace Identities are difficult to verify over the internet Numerous government services still must be conducted in person or by mail, leading to continual rising costs for state, local and federal governments Electronic health records could save billions, but can’t move forward without solving authentication challenge for providers and individuals Many transactions, such as signing an auto loan or a mortgage, are still considered too risky to conduct online due to liability risks The Problem Today New Yorker, July 5, 1993New Yorker, September 12, 2005Rob Cottingham, June 23, 2007

8 National Strategy for Trusted Identities in Cyberspace Privacy remains a challenge Individuals often must provide more personally identifiable information (PII) than necessary for a particular transaction –This data is often stored, creating “honey pots” of information for cybercriminals to pursue Individuals have few practical means to control use of their information The Problem Today

9 National Strategy for Trusted Identities in Cyberspace Personal Data is Abundant…and Growing

10 National Strategy for Trusted Identities in Cyberspace Trusted Identities provide a foundation Economic benefits Improved privacy standards Enhanced security TRUSTED IDENTITIES Fight cybercrime and identity theft Increased consumer confidence Offer citizens more control over when and how data is revealed Share minimal amount of information Enable new types of transactions online Reduce costs for sensitive transactions

11 National Strategy for Trusted Identities in Cyberspace Apply for mortgage online with e-signature Trustworthy critical service delivery Security ‘built-into’ system to reduce user error Privately post location to her friends Secure Sign-On to state website Online shopping with minimal sharing of PII January 1, 2016 The Identity Ecosystem: Individuals can choose among multiple identity providers and digital credentials for convenient, secure, and privacy-enhancing transactions anywhere, anytime.

12 National Strategy for Trusted Identities in Cyberspace We've proven that Trusted Identities matter DoD Led the Way DoD network intrusions fell 46% after it banned passwords for log-on and instead mandated use of the CAC with PKI. But Barriers Exist High assurance credentials come with higher costs and burdens They’ve been impractical for many organizations, and most single-use applications. Metcalfe’s Law applies – but there are barriers (standards, liability, usability) today that the market has struggled to overcome.

13 National Strategy for Trusted Identities in Cyberspace Private sector will lead the effort Federal government will provide support Not a government-run identity program Industry is in the best position to drive technologies and solutions Can identify what barriers need to be overcome Help develop a private-sector led governance model Facilitate and lead development of interoperable standards Provide clarity on national policy and legal framework around liability and privacy Act as an early adopter to stimulate demand What does NSTIC call for?

14 National Strategy for Trusted Identities in Cyberspace Privacy and Civil Liberties are Fundamental Increase privacy Minimize sharing of unnecessary information Minimum standards for organizations - such as adherence to Fair Information Practice Principles (FIPPs) Voluntary and private-sector led Individuals can choose not to participate Individuals who participate can choose from public or private-sector identity providers No central database is created Preserves anonymity Digital anonymity and pseudonymity supports free speech and freedom of association

15 National Strategy for Trusted Identities in Cyberspace NSTIC is unique in that it is led by the private sector. Europe Norway and Sweden (Bank ID); Austria, Belgium, Estonia, Italy and Germany (general ID); France (health) Asia Taiwan (health); Hong Kong (transit, financial payments); Singapore (gov’t services); Malaysia (general ID, e-payment); India (general ID) Africa Rwanda (general ID) Middle East Afghanistan (strategy); Oman (pending e-payment) Latin America Brazil (banking) North America Canada (issued strategy) Other countries are moving forward

16 National Strategy for Trusted Identities in Cyberspace Key members of the U.S. technology industry, the privacy community, and the security industry have expressed support for NSTIC “NSTIC has the opportunity to tip the balance of the conversation and focus on identity to socio-economic benefit from what is often today one of identity fraud and identity theft. In doing so trusted identities can improve the delivery and lower the cost to the public of financial services, health care, e-commerce and reduce the federal budget.” Salvatore D'Agostino, CEO, Idmachines LLC “Our industry strongly supports the goals outlined in the Strategy, and we see a vital role for a National Program office to work with industry and government in its finalization and implementation.” Letter to Sec. Locke, White House Cybersecurity Coordinator Howard Locke, and Patrick Gallagher from TechAmerica, Business Software Alliance, and Information Technology Industry Council; additional signatures included leadership from Microsoft, Symantec, PayPal, CA, CSC, RSA/EMC, Infineon, Unisys, Verisign and Gemalto and other technology firms “The Administration to my view has, has conducted a very open process here….I think that there's a model here perhaps for the broader question of cybersecurity.” Jim Dempsey, Vice President for Public Policy at the Center for Democracy & Technology Industry and Privacy Support

17 National Strategy for Trusted Identities in Cyberspace Technology is now mature Organizations and individuals want these solutions Market exists, but nascent NSTIC vision is clear Needs a nudge towards interoperability & standardization Needs clarity on national policy/legal framework (e.g. liability and privacy) Needs an early adopter to stimulate demand Government can meet these needs to facilitate private sector The Time is Now

18 National Strategy for Trusted Identities in Cyberspace Next Steps Workshops on governance, privacy and technology NOI published in June 2011 seeking input on governance; 57 responses Convene the Private Sector Governance: Establish NSTIC Steering Group in early 2012 Private sector led; focus on multi-stakeholder collaboration Enable expedited focus on consensus standards, policies and operating rules NIST grant to catalyze its formation Pilots: Establish new NSTIC Pilot Grant Program FY12 funding ~$10M Develop criteria for selection; assess potential programs Prepare for formal pilot launches in Summer 2012 Immediate Focus Ensure government-wide alignment with the Federal Identity, Credential, and Access Management (FICAM) Roadmap Increased adoption of Trust Framework Providers (TFP) Government as an early adopter to stimulate demand

19 National Strategy for Trusted Identities in Cyberspace Questions? Jeremy Grant