National Strategy for Trusted Identities in Cyberspace

On April 15, 2011, the White House released the National Strategy for Trusted Identities in Cyberspace (NSTIC) during a launch event that included U.S. Sec. of Commerce Gary Locke, other Administration officials, and U.S. Senator Barbara Mikulski, as well as a panel discussion with private sector, consumer advocate, and government ID management experts.
What is a trusted identity in cyberspace? This animation describes the scope of the effort. It includes smartcards, biometrics, soft tokens, hard tokens, and certificate management applications.
NSTIC envisions a cyber world – the Identity Ecosystem – that improves upon the passwords currently used to access electronic resources. It includes a vibrant marketplace that allows people to choose among multiple identity providers – both private and public – that will issue trusted credentials proving identity.
Why do we need it? NSTIC provides a framework for individuals and organizations to utilize secure, efficient, easy-to-use and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice and innovation.
Shopping, banking, social networking, and accessing employee intranets result in greater opportunities for innovation and economic growth, but the online infrastructure for supporting these services has not evolved at the same pace. The National Strategy for Trusted Identities in Cyberspace addresses two central problems impeding economic growth online –
1) Passwords are inconvenient and insecure.
2) Individuals are unable to prove their true identity online for significant transactions.
Identity theft is costly, inconvenient and all too common:
* In 2010, 8.1 million U.S. adults were the victims of identity theft or fraud, with total costs of $37 billion.
* The average out-of-pocket loss of identity theft in 2008 was $631 per incident.
* Consumers reported spending an average of 59 hours recovering from a “new account” instance of ID theft.
Phishing continues to rise, with attacks becoming more sophisticated:
* In 2008 and 2009, specific brands or entities were targeted by more than 286,000 phishing attacks, all attempting to replicate their site and harvest user credentials.
* A 2009 report from Trusteer found that 45% of targets divulge their personal information when redirected to a phishing site, and that financial institutions are subjected to an average of 16 phishing attacks per week, costing them between $2.4 and $9.4 million in losses each year.
Managing multiple passwords is expensive:
* A small business of 500 employees spends approximately $110,000 per year on password management. That’s $220 per user per year.
Passwords are failing:
* In December 2009, the RockYou password breach revealed the vulnerability of passwords. Nearly 50% of users’ passwords included names, slang words, dictionary words or were extremely weak, with passwords like “123456”.
Maintenance of multiple accounts is increasing as more services move online:
* One federal agency with 44,000 users discovered over 700,000 user accounts, with the average user having 16 individual accounts.
Improving identity practices makes a difference:
* Implementation of strong credentials across the Department of Defense resulted in a 46% reduction in intrusions.
* Use of single sign-on technologies can reduce annual sign-in time by 50 hours/user/year.
The next step is creation of a national program office to manage the project and coordinate public-private efforts. I look forward to a voluntary, opt-in strong identity for e-commerce. Who knows, if this effort is successful, maybe we can move forward with a voluntary, opt-in strong identity for healthcare.
John Halamka, MD, is the CIO at Beth Israel Deaconess Medical Center and the author of the popular Life as a Healthcare CIO blog, where he writes about technology, the business of healthcare and the issues he faces as the leader of the IT department of a major hospital system. He is a frequent contributor to THCB.
