Saturday, January 8, 2011

National Strategy for Trusted Identities in Cyberspace (NSTIC) on your router?

Just in case you missed this Government Press Release yesterday, January 7th 2011, I'm reprinting it here, with a few editorial comments of my own:

At a forum with Silicon Valley business and academic leaders at Stanford University, U.S. Commerce Secretary Gary Locke and White House Cybersecurity Coordinator Howard A. Schmidt today announced plans to create a National Program Office [At what cost to tax payers?] to help [Who asked the Government for this help?] foster an environment in which sensitive online transactions can be carried out with greater levels of trust.

The National Program Office, to be established within the Department of Commerce, would coordinate federal activities needed to implement the National Strategy for Trusted Identities in Cyberspace (NSTIC), an Obama administration initiative aimed at establishing identity solutions and privacy-enhancing technologies that will make the online environment more secure and convenient for consumers.  The national office would serve as the point of contact to bring the public and private sectors together to meet this challenge.

[Will the challenge be government mandated cryptographic systems on all Embedded Devices even if they don't need it, and don't have the power to implement them?]

"The Internet will not reach its full potential [What is it doing now without helpful intervention of various government around the world?] until users and consumers feel more secure and confident than they do today when they go online," Locke said. "A coordinated national strategy to significantly improve online trust will put e-commerce on stronger footing. [With who? Will ITAR regulations prevent me from buying something over Internet in a different country using NSTIC? If it is not worth of being band for export, it probably is not worthy of being used?] The National Program Office will engage the best minds in the field [Who is going to be representing Embedded Systems?] from both the public and private sectors to give people greater confidence that their personal information is safe when they engage in online transactions."

"With the full participation of industry and the general public, NSTIC plans to nurture the development of a secure and privacy-enhancing 'identity ecosystem' for the Internet," Schmidt said. "This identity ecosystem would instill greater confidence in online transactions with less personal information being collected and stored with each transaction, lowering the risk of identity theft." [Nobble goals that Industry should be supporting without government prompting.]

Created in response to President Obama's Cyberspace Policy Review, NSTIC is a key building block in the national effort to secure cyberspace.  NSTIC strives to enhance online trust through increased security and privacy.  It focuses on improving the ability to authenticate individuals [Nineteen Eighty-Four?], organizations, and the underlying infrastructure, such as servers and routers [An Embedded System Device...], involved in sensitive online transactions. At the same time, it provides consumers a choice - those who want to remain anonymous for activities like blogging will continue to be able to do so. Online service providers that opt in to such a system would follow a set of security and privacy guidelines.

NSTIC's anticipated benefits for consumers include increased convenience, security and privacy.  For example, implementation of NSTIC would allow users the option to obtain secure, interoperable credentials from a range of service providers that would authenticate their identity for a variety of transactions such as banking, accessing electronic health records and ordering products [To enhance tax revenue?]. This would simplify these transactions for users and reduce the amount of private information users must reveal to the many organizations they deal with online. Such a marketplace will ensure that no single credential or centralized database can emerge.

In the NSTIC vision, businesses would enjoy new market opportunities, with the ability to deliver services and transactions previously considered too risky.  Government would be able to expand online services for constituents [We know how well E-Voting has been working so far.], so they can operate with greater efficiency and transparency; remove impediments to e-commerce; and increase public safety by bolstering the integrity of networks and systems. [Why does the network need to know my identity? End points yes, but the network itself?]

As the Federal coordinator, the National Program Office would collaborate with other Federal partners, including the Department of Homeland Security and the General Services Administration on NSTIC implementation. The National Program Office would work to:

  • Build consensus on legal and policy frameworks necessary to achieve the NSTIC vision, including ways to enhance privacy, free expression and open markets;
  • Work with industry to identify where new standards or collaborative efforts may be needed;
  • Support collaboration within the government; and
  • Promote important pilot projects and other NSTIC implementations.

E-commerce worldwide is estimated at $10 trillion of business online annually.  E-commerce sales for the third quarter of 2010 were estimated at over $41 billion; up 13.6 percent over the same period last year.

"Identity theft is rampant and growing.  Increasingly sophisticated cyber hackers and thieves continue to steal personal information, bank account data and proprietary information. The NSTIC will take important steps forward to enhance the trust of user and consumer confidence in all of their online transactions," said U.S. Senator Barbara A. Mikulski.   

Senator Mikulski, who chairs the Commerce, Justice, Science subcommittee on Appropriations, added "I will be an active partner with Secretary Locke, NIST Director Gallagher and Cybersecurity Coordinator Schmidt to implement this important program.  I can think of no better place than the National Institute of Standards and Technology for this important initiative to be housed."

"Establishing this office represents an important step in the process of protecting the security and privacy of online transactions, said U.S. Senator John D. Rockefeller IV, Chairman of the Senate Committee on Commerce, Science and Transportation. " It's a critical piece of the larger cybersecurity puzzle.  I look forward to working with the Administration this year in enacting comprehensive legislation [Maybe we should enforce laws that we already have? Like getting banks to actually care when your identity is stolen, because of their lack of security?] that will address the challenges we face in securing cyberspace."

Later this year, the Commerce Department plans to hold a workshop to highlight the existing initiatives in this strategy.  Representatives from industry, academia, civil society organizations, standards-setting organizations, and all levels of government will be encouraged to attend and collaborate on the development of an interoperable identity ecosystem.