1 National Strategy for Trusted Identities in Cyberspace Identity in Cyberspace: Improving Trust via Public-Private Partnerships Jeremy Grant and Naomi.

Slides:



Advertisements
Similar presentations
ELTSS Alignment to Nationwide Interoperability Roadmap DRAFT: For Stakeholder Consideration in response to public comment.
Advertisements

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Economic Tussles in Federated Identity Management Tyler Moore joint work with Susan Landau WEIS 2011.
Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.
1 National Strategy for Trusted Identities in Cyberspace Identity in Cyberspace: Improving Trust via Public-Private Partnerships Jeremy Grant Senior Executive.
1 Jan 2013 © Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered.
IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair
Helena Sims NACHA – The Electronic Payments Association Overview of The Electronic Authentication Partnership Tenth Federal & Higher Education PKI Coordination.
Data-Sharing and Governance Consultation ANALYSIS OF RESPONSES.
Digital public services and innovation
1. Guiding Principles 3. Critical Success Factors 2. Delivery Processes 4. Benefits Realisation Strategy Business Management Technology Management Roadmap.
A View into the Mi$t 1 RL "Bob" Morgan University of Washington Co-chair, InCommon Technical Advisory Committee.
1 National Strategy for Trusted Identities in Cyberspace National Strategy for Trusted Identities in Cyberspace Jeremy Grant NIST.
Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.
Chief Information Officer Branch Gestion du dirigeant principal de l’information “We will have a world class public key infrastructure in place” Prime.
1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.
1 eAuthentication in Higher Education Tim Bornholtz Session #47.
Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,
A Survey of Risk: Federated ID Management in Cloud and Grid Computing Presentation by Andy Wood (P )
Federating Identity Management in the Government of Canada Identity North Conference November 20 th 2012 Presented by: Rita Whittle Senior Director, Cyber.
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”
Introduction to OIX: A Market Solution to Online Identity Trust Don Thibeau.
Understanding the Value of Identity in Government Social Networking A Framework of Identity Trust in Government Social Networking September 4, 2015.
Bill Newhouse Program Lead National Initiative for Cybersecurity Education Cybersecurity R&D Coordination National Institute of Standards and Technology.
NSTIC ID Ecosystem A Conceptual Model v03 Andrew Hughes October October IDESG Version 1.
The InCommon Federation The U.S. Access and Identity Management Federation
Government of CanadaGouvernement du Canada Service Transformation through Government On-Line Helen McDonald Director General, Office of the Chief Information.
1 International Forum on Trade Facilitation May 2003 Trade Facilitation, Security Concerns and the Postal Industry Thomas E. Leavey Director General, UPU.
1 National Strategy for Trusted Identities in Cyberspace Identity in Cyberspace: Improving Trust and Driving Business via Public- Private Partnerships.
1 National Strategy for Trusted Identities in Cyberspace Identity in Cyberspace: Improving Trust via Public-Private Partnerships Jeremy Grant Senior Executive.
Privacy and Security Tiger Team Recommendations Adopted by The Health IT Policy Committee Relevant to Consumer Empowerment May 24, 2013.
1 Identity and Transparency ( Bridging the GAPS of Governance Bridging the GAPS of Governance in eGov Initiatives in eGov Initiatives )‏ Badri Sriraman.
BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT
TFTM Interim Trust Mark/Listing Approach Paper Analysis of Current Industry Trustmark Programs and GTRI PILOT Approach Discussion Deck TFTM Committee.
1 National Strategy for Trusted Identities in Cyberspace National Strategy for Trusted Identities in Cyberspace Jeremy Grant NIST April 6, 2011.
State Alliance for e-Health Conference Meeting January 26, 2007.
1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
Federated or Not: Secure Identity Management Janemarie Duh Identity Management Systems Architect Chair, Security Working Group ITS, Lafayette College.
State HIE Program Chris Muir Program Manager for Western/Mid-western States.
HIT Policy Committee NHIN Workgroup Recommendations Phase 2 David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of.
E-Authentication: Enabling E-Government Presented to PESC May 2, 2005 The E  Authentication Initiative.
E-Authentication: Simplifying Access to E-Government Presented at the PESC 3 rd Annual Conference on Technology and Standards May 1, 2006.
ONC’s Proposed Strategy on Governance for the Nationwide Health Information Network Following Public Comments on RFI HIT Standards Committee Meeting September.
Catawba County Board of Commissioners Retreat June 11, 2007 It is a great time to be an innovator 2007 Technology Strategic Plan *
US Department of Labor Employment and Training Administration (ETA) Partnering for Effective Business Engagement Heather Graham Director of Special Initiatives.
Cloud Computing, Policy Management and Standardization Europe Identity Conference 2011 John Sabo, Director Global Government Relations, CA Technologies.
Scalable Trust Community Framework STCF (01/07/2013)
HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.
NSTIC and the Identity Ecosystem Jim Sheire Senior Advisor NSTIC National Program Office, NIST 14 November 2012.
Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
Protecting Yourself from Fraud including Identity Theft Personal Finance.
Attribute Delivery - Level of Assurance Jack Suess, VP of IT
The Value of Creating the Identity Ecosystem. The Identity Ecosystem Steering Group (IDESG) is the source of expertise, guidance, best practices and tools.
CAREER PATHWAYS THE NEW WAY OF DOING BUSINESS. Agenda for our Discussion Today we’ll discuss: Career Pathways Systems and Programs Where we’ve been and.
Progress Report on the U.S. NSTIC Efforts Jack Suess – Delegate for Research, Development, Education & Innovation
The Future Digital Identity Landscape in Europe Timothée Mangenot, chairman 14th of December, 2015 ACSIEL partners day.
Department of Internal Affairs Disrupting Government Service Models Tim Occleshaw Government Chief Technology Officer Service and System Transformation.
The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.
International Telecommunication Union ICT Security Role in National Trusted Identities Initiatives Abbie Barbir, PhD ITU-T Study Group 17 Identity Management.
Identity on the Internet
Update from the Faster Payments Task Force
Higher Education’s Role in the Identity Ecosystem
InCommon Steward Program: Community Review
National Strategy for Trusted Identities in Cyberspace Jeremy Grant
National Cyber Strategy Preparedness: 8 Preparatory Questions
Internet Interconnection
ONC P2 FHIR Ecosystem Task Force
EDUCAUSE Fed/Higher ED PKI Coordination Meeting
National Strategy for Trusted Identities in Cyberspace
Jeremy Grant Coordinator Better Identity Coalition
Presentation transcript:

1 National Strategy for Trusted Identities in Cyberspace Identity in Cyberspace: Improving Trust via Public-Private Partnerships Jeremy Grant and Naomi Lefkovitz National Institute of Standards and Technology (NIST)

2 National Strategy for Trusted Identities in Cyberspace 1.Learn about the National Strategy for Trusted Identities in Cyberspace (NSTIC) 2.Discuss how a government initiative can help improve online trust, reduce fraud and create new efficiencies in health care 3.Discuss the role your organizations can play in advancing the use of Trusted Identities in Cyberspace Why We’re Here Today

3 National Strategy for Trusted Identities in Cyberspace Called for in President’s Cyberspace Policy Review (May 2009): a “cybersecurity focused identity management vision and strategy…that addresses privacy and civil-liberties interests, leveraging privacy-enhancing technologies for the nation.”” Guiding Principles Privacy-Enhancing and Voluntary Secure and Resilient Interoperable Cost-Effective and Easy To Use NSTIC calls for an Identity Ecosystem, “an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities.” What is NSTIC?

4 National Strategy for Trusted Identities in Cyberspace Usernames and passwords are broken Most people have 25 different passwords, or use the same one over and over Even strong passwords are vulnerable…criminals have many paths to easily capture “keys to the kingdom” Rising costs of identity theft and data breaches – 11.6M U.S. victims (+13% YoY) in 2011 at a cost of $37 billion – 67% increase in # of Americans impacted by data breaches in 2011 (Source: Javelin Strategy & Research) – Health sector is #1 target: 43% of all 2011 US data breaches (Source: Symantec Internet Security Report ) A common vector of attack – Sony Playstation, Zappos, Lulzsec, Infragard among dozens of breaches tied to passwords. The Problem Today

5 National Strategy for Trusted Identities in Cyberspace The Problem Today Source: 2012 Data Breach Investigations Report, Verizon and USSS 2011: 5 of the top 6 attack vectors are tied to passwords 2010: 4 of the top 10

6 National Strategy for Trusted Identities in Cyberspace Identities are difficult to verify over the internet Numerous government services still must be conducted in person or by mail, leading to continual rising costs for state, local and federal governments Electronic health records could save billions, but can’t move forward without solving authentication challenge for providers and individuals Many transactions, such as signing an auto loan or a mortgage, are still considered too risky to conduct online due to liability risks The Problem Today New Yorker, July 5, 1993New Yorker, September 12, 2005Rob Cottingham, June 23, 2007

7 National Strategy for Trusted Identities in Cyberspace Identity Proofing is not always easy The Problem Today

8 National Strategy for Trusted Identities in Cyberspace Privacy remains a challenge Individuals often must provide more personally identifiable information (PII) than necessary for a particular transaction –This data is often stored, creating “honey pots” of information for cybercriminals to pursue Individuals have few practical means to control use of their information The Problem Today

9 National Strategy for Trusted Identities in Cyberspace Personal Data is Abundant…and Growing Source: World Economic Forum, “Rethinking Personal Data: Strengthening Trust,” May 2012

10 National Strategy for Trusted Identities in Cyberspace Trusted Identities provide a foundation Economic benefits Improved privacy standards Enhanced security TRUSTED IDENTITIES Fight cybercrime and identity theft Increased consumer confidence Offer citizens more control over when and how data is revealed Share minimal amount of information Enable new types of transactions online Reduce costs for sensitive transactions Improve customer experiences

11 National Strategy for Trusted Identities in Cyberspace Apply for mortgage online with e-signature Trustworthy critical service delivery Security ‘built-into’ system to reduce user error Privately post location to her friends Secure Sign-On to state website Online shopping with minimal sharing of PII January 1, 2016 The Identity Ecosystem: Individuals can choose among multiple identity providers and digital credentials for convenient, secure, and privacy-enhancing transactions anywhere, anytime.

12 National Strategy for Trusted Identities in Cyberspace We've proven that Trusted Identities matter DoD Led the Way DoD network intrusions fell 46% after it banned passwords for log-on and instead mandated use of the CAC with PKI. But Barriers Exist High assurance credentials come with higher costs and burdens They’ve been impractical for many organizations, and most single-use applications. Metcalfe’s Law applies – but there are barriers (standards, liability, usability) today that the market has struggled to overcome.

13 National Strategy for Trusted Identities in Cyberspace Private sector will lead the effort Federal government will provide support Not a government-run identity program Private sector is in the best position to drive technologies and solutions… …and ensure the Identity Ecosystem offers improved online trust and better customer experiences Help develop a private-sector led governance model Facilitate and lead development of interoperable standards Provide clarity on national policy and legal framework around liability and privacy Act as an early adopter to stimulate demand What does NSTIC call for?

14 National Strategy for Trusted Identities in Cyberspace Privacy and Civil Liberties are Fundamental Increase privacy Minimize sharing of unnecessary information Minimum standards for organizations - such as adherence to Fair Information Practice Principles (FIPPs) Voluntary and private-sector led Individuals can choose not to participate Individuals who participate can choose from public or private-sector identity providers No central database is created Preserves anonymity Digital anonymity and pseudonymity supports free speech and freedom of association

15 National Strategy for Trusted Identities in Cyberspace NSTIC National Program Office Charged with leading day-to-day coordination across government and the private sector in implementing NSTIC Funded with $16.5M for FY12

16 National Strategy for Trusted Identities in Cyberspace Federal Government As an Early Adopter Federal IdM activities are aligned through the Identity, Credential and Access Management (ICAM) Subcommittee Trust Framework Solutions: how the USG aligns with NSTIC Secure, interoperable and privacy-enhancing process by which federal agencies can leverage commercially issued digital identities and credentials Craft “USG profile” of widely used commercial identity protocols like OpenID and SAML to maximize security and privacy. Privacy criteria based on the FIPPs: Opt in; Minimalism; Activity Tracking; Adequate Notice; Non Compulsory; and Termination ICAMSC approves non-federal organizations to be the Trust Framework Providers (TFPs) The TFPs accredit commercial identity providers who agree to use the USG profiles and abide by the privacy criteria

17 National Strategy for Trusted Identities in Cyberspace Federal Cloud Credential Exchange Removing Barriers for Federal Adoption FCCX does the heavy lifting Guaranteed interoperability of credentials across agencies Offers citizens an easy path to more convenience Each agency connects just once saving costs OpenID/LOA1 SAML/LOA3 OpenID/LOA1

18 National Strategy for Trusted Identities in Cyberspace Next Steps Create an Identity Ecosystem Steering Group: Summer 2012 New 2-year grant to fund a privately-led Steering Group to convene stakeholders and craft standards and policies to create an Identity Ecosystem Framework Convene the Private Sector FFO recently published for $10M NSTIC pilots grant program 5-8 awards expected by late summer 2012 Challenge-based approach focused on addressing barriers the marketplace has not yet overcome Select Pilots Ensure government-wide alignment with the Federal Identity, Credential, and Access Management (FICAM) Roadmap New White House initiated effort to create a Federal Cloud Credential Exchange (FCCX) Government as an early adopter to stimulate demand

19 National Strategy for Trusted Identities in Cyberspace What You Can Do TALK: about the value of NSTIC to colleagues SUPPORT: NSTIC Pilots by volunteering to be a relying party JOIN: the Identity Ecosystem Steering Group Participate Leverage trusted identities to move more services online Consider ways to support identity and credentialing in partnership with trusted third parties Be early adopters You are a key partner, we want to hear from you Give us your ideas!

20 National Strategy for Trusted Identities in Cyberspace Questions? Jeremy Grant Naomi Lefkovitz

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.