1 National Strategy for Trusted Identities in Cyberspace Identity in Cyberspace: Improving Trust and Driving Business via Public- Private Partnerships.

Slides:



Advertisements
Similar presentations
Manatt manatt | phelps | phillips New York State Health Information Technology Summit Initiative Overview and Update Rachel Block, Project Director United.
Advertisements

HR Manager – HR Business Partners Role Description
Overview of Priorities and Activities: Shared Services Canada Presentation to the Information Technology Infrastructure Roundtable June 17, 2013 Liseanne.
1 National Strategy for Trusted Identities in Cyberspace Identity in Cyberspace: Improving Trust via Public-Private Partnerships Jeremy Grant Senior Executive.
The importance of a Compliance program is to ensure that our agency meets the highest possible standards for all relevant federal, state and local regulations,
IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair
Digital public services and innovation
1 National Strategy for Trusted Identities in Cyberspace National Strategy for Trusted Identities in Cyberspace Jeremy Grant NIST.
Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.
Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,
Why Managers Must Understand IT Managers play a key role –Frame opportunities and threats so others can understand them –Evaluate and prioritize problems.
Introduction to OIX: A Market Solution to Online Identity Trust Don Thibeau.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
A Common Immigration Policy for Europe Principles, actions and tools June 2008.
National Institute of Standards and Technology U.S. Department of Commerce TheTechnology Innovation Program (TIP) Standard Presentation of TIP Marc G.
John McDougall, President 10 th Annual Re$earch Money Conference, 11 May 2011.
Bill Newhouse Program Lead National Initiative for Cybersecurity Education Cybersecurity R&D Coordination National Institute of Standards and Technology.
NSTC Smart Grid Subcommittee Overview and Goals for Ongoing Federal/State Collaboration By George Arnold, NIST & Jessica Zufolo, RUS NARUC Annual Convention,
Government of CanadaGouvernement du Canada Service Transformation through Government On-Line Helen McDonald Director General, Office of the Chief Information.
1 International Forum on Trade Facilitation May 2003 Trade Facilitation, Security Concerns and the Postal Industry Thomas E. Leavey Director General, UPU.
1 National Strategy for Trusted Identities in Cyberspace Identity in Cyberspace: Improving Trust via Public-Private Partnerships Jeremy Grant and Naomi.
1 National Strategy for Trusted Identities in Cyberspace Identity in Cyberspace: Improving Trust via Public-Private Partnerships Jeremy Grant Senior Executive.
Privacy and Security Tiger Team Recommendations Adopted by The Health IT Policy Committee Relevant to Consumer Empowerment May 24, 2013.
BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT
TFTM Interim Trust Mark/Listing Approach Paper Analysis of Current Industry Trustmark Programs and GTRI PILOT Approach Discussion Deck TFTM Committee.
Summary of the U.S. Task Force on United Way’s Economic Model & Growth.
Collective Impact Building Understanding Part 2 May 30, 2014 East Texas Human Needs Network Christina Fulsom.
TFTM TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state November.
1 National Strategy for Trusted Identities in Cyberspace National Strategy for Trusted Identities in Cyberspace Jeremy Grant NIST April 6, 2011.
State Alliance for e-Health Conference Meeting January 26, 2007.
Headwaters Communities in Action Building A Better Quality of Life Together.
1 The Federal Shared Youth Vision Partnership A Federal Partnership between the Corporation for National community Service;
John Grant Chief General Manager National Office for the Information Economy Canberra, Australia The Government OnLine Strategy.
State HIE Program Chris Muir Program Manager for Western/Mid-western States.
HIT Policy Committee NHIN Workgroup Recommendations Phase 2 David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of.
E-Authentication: Enabling E-Government Presented to PESC May 2, 2005 The E  Authentication Initiative.
E-Authentication: Simplifying Access to E-Government Presented at the PESC 3 rd Annual Conference on Technology and Standards May 1, 2006.
JOINING UP GOVERNMENTS EUROPEAN COMMISSION Establishing a European Union Location Framework.
Catawba County Board of Commissioners Retreat June 11, 2007 It is a great time to be an innovator 2007 Technology Strategic Plan *
EHealth Progress Across the States in 2007 Results of a Survey of State Officials AcademyHealth National Health Policy Conference State Health Research.
Cloud Computing, Policy Management and Standardization Europe Identity Conference 2011 John Sabo, Director Global Government Relations, CA Technologies.
Better Care, Lower Costs Value-Driven Health Care Gordon Woodrow Regional Director U.S. Department of Health and Human Services.
National Cybersecurity Center of Excellence Increasing the deployment and use of standards-based security technologies Mid-Atlantic Federal Lab Consortium.
Presentation to Membership. A Recap of Our Process February 2009: Decision to renew strategic plan March 2009: Engagement of Berlin, Eaton.
NSTIC and the Identity Ecosystem Jim Sheire Senior Advisor NSTIC National Program Office, NIST 14 November 2012.
Global Geospatial Information Management (GGIM) A UN-DESA Initiative in collaboration with Cartographic Section, DFS Stefan Schweinfest UNSD.
Moving the National Health Information Technology Agenda Forward The Fourth Health Information Technology Summit March 28, 2007 Robert M. Kolodner, MD.
The U. S. Health Care System Challenges, Opportunities and Solutions Fifth National HIPAA Summit Clinical Data Standards and the Creation of an Interconnected,
TEXAS Health Information Technology Advisory Committee (HITAC) Track 1: Getting Started, Organization and Governance Tim Turner Tim Turner & Associates,
Federations: The New Infrastructure Speaker Name Here Date Here Speaker Name Here Date Here.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Virginia Office of Public-Private Partnerships (VAP3) Adopted Public-Private Transportation Act (PPTA) enabling legislation in 1995 Public-Private Education.
TALENT DEVELOPMENT STRATEGIES: SECTOR PARTNERSHIPS AND CAREER PATHWAYS Emily Templin Lesh, Assistant Director Colorado Workforce Development Council
The Value of Creating the Identity Ecosystem. The Identity Ecosystem Steering Group (IDESG) is the source of expertise, guidance, best practices and tools.
19-20 October 2010 IT Directors’ Group meeting 1 Item 6 of the agenda ISA programme Pascal JACQUES Unit B2 - Methodology/Research Local Informatics Security.
CAREER PATHWAYS THE NEW WAY OF DOING BUSINESS. Agenda for our Discussion Today we’ll discuss: Career Pathways Systems and Programs Where we’ve been and.
PROTECTING THE INTERESTS OF CONSUMERS OF FINANCIAL SERVICES Role of Supervisory Authorities Keynote Address to the FinCoNet Open Meeting 22 April 2016.
Standards Coordination Office NIST presentation to the FGDC September 25, 2014.
The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.
NATIONAL e-STRATEGY Presentation to the Portfolio Committee on Telecommunications & Postal Services DG: ROBERT NKUNA AUGUST 2017 Building a better life.
Update from the Faster Payments Task Force
Higher Education’s Role in the Identity Ecosystem
National Strategy for Trusted Identities in Cyberspace Jeremy Grant
Arizona Health-e Connection Leadership from Governor Napolitano
National Cyber Strategy Preparedness: 8 Preparatory Questions
ONC P2 FHIR Ecosystem Task Force
Scotland’s Digital Health and Care Strategy
National Strategy for Trusted Identities in Cyberspace
Jeremy Grant Coordinator Better Identity Coalition
October is National Cybersecurity Awareness Month
Presentation transcript:

1 National Strategy for Trusted Identities in Cyberspace Identity in Cyberspace: Improving Trust and Driving Business via Public- Private Partnerships Christopher Currens Deputy, National Strategy for Trusted Identities in Cyberspace (NSTIC) National Institute of Standards and Technology (NIST)

2 National Strategy for Trusted Identities in Cyberspace NIST: Bird’s eye view Courtesy HDR Architecture, Inc./Steve Hall © Hedrich Blessing G. Wheeler The United States’ national measurement laboratory, NIST is where Nobel Prize- winning science meets real-world engineering. With an extremely broad research portfolio, world-class facilities, national networks, and an international reach, NIST works to support industry innovation – our central mission.

3 National Strategy for Trusted Identities in Cyberspace NIST’s Mission ©R. Rathe To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

4 National Strategy for Trusted Identities in Cyberspace NIST: Basic Stats and Facts FY 2012 Appropriations $750.8 M ©R. Rathe Major assets  ~ 3,000 employees  ~ 2,800 associates and facilities users  ~ 1,600 field staff in partner organizations (Manufacturing Extension Partnership)  Two locations: Gaithersburg, Md., and Boulder, Colo.  Four external collaborative institutes: basic physics, biotech, quantum, and marine science

5 National Strategy for Trusted Identities in Cyberspace Imagine if… Four years from now, 80% of your customers arrived at your website already holding a secure credential for identification and authentication – and you could trust this credential in lieu of your existing username/password system. Interoperable with your login system (you don’t have to issue credentials) Multi-factor authentication (no more password management) Tied to a robust identity proofing mechanism (you know if they are who they claim to be) With baked-in rules to limit liability and protect privacy

6 National Strategy for Trusted Identities in Cyberspace What would this mean… For Security and Loss Prevention? 5 of the top 6 vectors of attack in 2011 data breaches tied to passwords The number of Americans impacted by data breaches rose 67% from 2010 to 2011 Weak identity systems fuel online fraud, make it impossible to know who is a “dog on the Internet” For Reducing Friction in Online Commerce? Today, 75% of customers will avoid creating new accounts. 54% leave the site or do not return Today, 45% of consumers will abandon a site rather than attempt to reset their passwords or answer security questions

7 National Strategy for Trusted Identities in Cyberspace $2 Trillion The total projected online retail sales across the G20 nations in 2016 $2.5 Trillion What this number can grow to if consumers believe the Internet is more worthy of their trust $1.5 Trillion What this number will fall to if Trust is eroded Trust matters to online business Source: Rethinking Personal Data: Strengthening Trust. World Economic Forum, May 2012.

8 National Strategy for Trusted Identities in Cyberspace The foundation of enhanced online trust, reduced fraud and better customer experiences. A voluntary, public-private partnership is forming to create it – but voluntary models don’t succeed unless people volunteer An “Identity Ecosystem”

9 National Strategy for Trusted Identities in Cyberspace Apply for mortgage online with e-signature Trustworthy critical service delivery Security ‘built-into’ system to reduce user error Privately post location to her friends Secure Sign-On to state website Online shopping with minimal sharing of PII January 1, 2016 The Identity Ecosystem: Individuals can choose among multiple identity providers and digital credentials for convenient, secure, and privacy-enhancing transactions anywhere, anytime.

10 National Strategy for Trusted Identities in Cyberspace The government is here to help…seriously

11 National Strategy for Trusted Identities in Cyberspace Called for in President’s Cyberspace Policy Review (May 2009): a “cybersecurity focused identity management vision and strategy…that addresses privacy and civil-liberties interests, leveraging privacy-enhancing technologies for the nation.” Guiding Principles Privacy-Enhancing and Voluntary Secure and Resilient Interoperable Cost-Effective and Easy To Use NSTIC calls for an Identity Ecosystem, “an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities.” What is NSTIC?

12 National Strategy for Trusted Identities in Cyberspace Usernames and passwords are broken Most people have 25 different passwords, or use the same one over and over Even strong passwords are vulnerable…criminals have many paths to easily capture “keys to the kingdom” Rising costs of identity theft – 11.6M U.S. victims (+13% YoY) in 2011 at a cost of $37 billion – 67% increase in # of Americans impacted by data breaches in 2011 (Source: Javelin Strategy & Research) A common vector of attack – Sony Playstation, Zappos, Lulzsec, Infragard among dozens of breaches tied to passwords. The Problem Today

13 National Strategy for Trusted Identities in Cyberspace The Problem Today Source: 2012 Data Breach Investigations Report, Verizon and USSS 2011: 5 of the top 6 attack vectors are tied to passwords 2010: 4 of the top 10

14 National Strategy for Trusted Identities in Cyberspace Identities are difficult to verify over the internet Numerous government services still must be conducted in person or by mail, leading to continual rising costs for state, local and federal governments Electronic health records could save billions, but can’t move forward without solving authentication challenge for providers and individuals Many transactions, such as signing an auto loan or a mortgage, are still considered too risky to conduct online due to liability risks The Problem Today New Yorker, July 5, 1993New Yorker, September 12, 2005Rob Cottingham, June 23, 2007

15 National Strategy for Trusted Identities in Cyberspace Privacy remains a challenge Individuals often must provide more personally identifiable information (PII) than necessary for a particular transaction –This data is often stored, creating “honey pots” of information for cybercriminals to pursue Individuals have few practical means to control use of their information The Problem Today

16 National Strategy for Trusted Identities in Cyberspace Privacy: Increasingly Complex as Volumes of Personal Data Grow Source: World Economic Forum, “Rethinking Personal Data: Strengthening Trust,” May 2012

17 National Strategy for Trusted Identities in Cyberspace Trusted Identities provide a foundation Economic benefits Improved privacy standards Enhanced security TRUSTED IDENTITIES Fight cybercrime and identity theft Increased consumer confidence Offer citizens more control over when and how data is revealed Share minimal amount of information Enable new types of transactions online Reduce costs for sensitive transactions Improve customer experiences

18 National Strategy for Trusted Identities in Cyberspace We've proven that Trusted Identities matter DoD Led the Way DoD network intrusions fell 46% after it banned passwords for log-on and instead mandated use of the CAC with PKI. But Barriers Exist High assurance credentials come with higher costs and burdens They’ve been impractical for many organizations, and most single-use applications. Metcalfe’s Law applies – but there are barriers (standards, liability, usability) today that the market has struggled to overcome.

19 National Strategy for Trusted Identities in Cyberspace Private sector will lead the effort Federal government will provide support Not a government-run identity program Private sector is in the best position to drive technologies and solutions… …and ensure the Identity Ecosystem offers improved online trust and better customer experiences Help develop a private-sector led governance model Facilitate and lead development of interoperable standards Provide clarity on national policy and legal framework around liability and privacy Fund pilots to stimulate the marketplace Act as an early adopter to stimulate demand What does NSTIC call for?

20 National Strategy for Trusted Identities in Cyberspace How is NSTIC different? We’re in a different time. Needed technologies are more mature. Realization that government working alone is not in the best position to define business models. Window of opportunity o Companies and industry organizations say we need something better. o The White House provides a thoughtful strategy that emphasizes ownership by the private sector. o Our role is to convene and help address existing barriers.

21 National Strategy for Trusted Identities in Cyberspace Our Implementation Strategy

22 National Strategy for Trusted Identities in Cyberspace We don’t want to boil the ocean.

23 National Strategy for Trusted Identities in Cyberspace Let’s go surfing where the waves are…

24 National Strategy for Trusted Identities in Cyberspace Next Steps....updates Awarded a 2-year grant to fund a privately-led Steering Group to convene stakeholders and craft standards and policies to create an Identity Ecosystem Framework Held first meeting of the Identity Ecosystem Steering Group Convene the Private Sector FFO published in early 2012 for $9-10M NSTIC pilots grant program Awards expected by mid-September 2012 Challenge-based approach focused on addressing barriers the marketplace has not yet overcome Select Pilots Ensure government-wide alignment with the Federal Identity, Credential, and Access Management (FICAM) Roadmap New White House initiated effort to create a Federal Cloud Credential Exchange (FCCX) Government as an early adopter to stimulate demand

25 National Strategy for Trusted Identities in Cyberspace The Secretariat: Trusted Federal Systems On July 12, NIST announced Trusted Federal Systems or TFS as the awardee of a two-year grant to convene the private sector-led Identity Ecosystem Steering Group (IESG) and serve as the group’s administrative arm as it tackles the wide range of policy and technical challenges associated with crafting an Identity Ecosystem Framework. Additionally, TFS will facilitate collaboration among multiple stakeholders to help drive the creation of consensus standards and best practices that can advance national priorities. Learn more about the Identity Ecosystem Steering Group, including how you can participate: (next meeting in Washington, D.C. on October 29-30, 2012)

26 National Strategy for Trusted Identities in Cyberspace It Now Exists! Source: Phil Wolff, Identity Ecosystem Steering Group

27 National Strategy for Trusted Identities in Cyberspace The Identity Ecosystem Steering Group

28 National Strategy for Trusted Identities in Cyberspace Nearly 400 participants; more than 800 signed up for future participation. Over 300 different companies and organizations. Representatives from UK, Australia, EU, NZ, Canada, Japan. Elected Plenary Chair (Bob Blakley/Citi) and Management Council Chair (Brett McDowell/PayPal); Elected 16 delegates to Management Council Approved draft charter and bylaws for a 90-day provisional period; established a tiger team to perfect them. Stood up working groups and/or committees on topics including: Highlights of Initial IDESG Meeting (August 15-16) o Standards o Policy o Privacy o Usability o Security o Accreditation o Health Care o Financial Sector o International Coordination

29 National Strategy for Trusted Identities in Cyberspace Most of the work will be done in the IDESG standing committees/working groups. Now that private-sector leadership has been elected, NPO is just one of many stakeholders. NPO will look to encourage and facilitate progress in the private sector." NPO will still play a large role with the NSTIC pilot program o In mid-September, the office will announce the winners for the first round of NSTIC pilot grants o The federal funding opportunity NIST issued in February received 186 applications, which were whittled down to 27 finalists. NSTIC National Program Office (NPO)

30 National Strategy for Trusted Identities in Cyberspace Great response 186 abbreviated proposals received 27 finalists selected to submit full proposals NIST will soon announce approx. $10M in grant awards Awardees will pilot solutions that increase confidence in online transactions, prevent identity theft, and provide individuals with more control over how they share their personal information Pilots advance NSTIC vision that individuals adopt secure, efficient, easy-to-use, and interoperable identity credentials to access online services in a way that promotes confidence, privacy, choice and innovation The pilots seek to catalyze a new marketplace, spanning multiple sectors, and demonstrate new solutions, models or frameworks that do not exist today NSTIC Pilot Projects

31 National Strategy for Trusted Identities in Cyberspace American Association of Motor Vehicle Administrators (AAMVA) (Va.) o Partner with the Virginia Department of Motor Vehicles to allow state residents to access online services Criterion Systems (Va.) o Allow consumers to selectively share shopping and other preferences and information to both reduce fraud and enhance the user experience Daon, Inc. (Va.) o Employ user-friendly identity solutions that leverage smart mobile devices (smartphones/tablets) to maximize consumer choice and usability Resilient Network Systems, Inc. (Calif.) o Demonstrate that sensitive health and education transactions on the Internet can earn patient and parent trust by using a Trust Network University Corporation for Advanced Internet Development (Va.) o Partner with multiple universities to develop a consistent and robust privacy infrastructure and to encourage the use of multifactor authentication and other technologies NSTIC Pilot Projects

32 National Strategy for Trusted Identities in Cyberspace What Your Firms Can Do TALK: about the value of NSTIC to leaders in your firm SUPPORT: NSTIC Pilots by volunteering to be a relying party JOIN: the Identity Ecosystem Steering Group…next meeting in Washington, D.C. on October 29-30, 2012 ( Participate Leverage trusted identities to move more services online Consider ways to support identity and credentialing in partnership with trusted third parties Be early adopters You are a key partner, we want to hear from you Give us your ideas!

33 National Strategy for Trusted Identities in Cyberspace Questions? Christopher Currens Identity Ecosystem Steering Group

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.