On June 25, 2010, the White House released a draft National Strategy for Trusted Identities in Cyberspace: Creating Options for Enhanced Online Security and Privacy (NS-TIC). This is a potentially very big deal, because use of digital identities could have an enormous impact upon attribution — the effort to identify the party responsible for an action in cyberspace — which in turn impacts cyber crime, cyber war, cyber deterrence and the promotion of political free speech. Look for both our course and the INSCT to do more with this in the coming months. A special category of this blog has been created to track developments.
A PDF of the actual draft strategy is posted on the Department of Homeland Security's web site and is also available here on this blog's server. In addition, DHS opened a special web site for public comment on the NS-TIC, but allowed comments for only three weeks. Already, a blog has been started at www.nstic.us by something called the Open Dialog Coalition to foster discussion about the NS-TIC and to petition for the reopening of the official comment period.
Interestingly, the draft NS-TIC offers no indication of its authorship. Appendix B to the strategy entitled "participants" states only "under development." As you read the strategy, you might consider for yourself whose interests are served by its recommendations (and by the lack of transparency in its authorship). One thing that is known is that it was released on the White House blog through a posting signed by Howard Schmidt. Here is the text of that post:
The National Strategy for Trusted Identities in Cyberspace
Posted byon June 25, 2010 at 02:00 PM EDTCyberspace has become an indispensible component of everyday life for all Americans. We have all witnessed how the application and use of this technology has increased exponentially over the years. Cyberspace includes the networks in our homes, businesses, schools, and our Nation’s critical infrastructure. It is where we exchange information, buy and sell products and services, and enable many other types of transactions across a wide range of sectors. But not all components of this technology have kept up with the pace of growth. Privacy and security require greater emphasis moving forward; and because of this, the technology that has brought many benefits to our society and has empowered us to do so much — has also empowered those who are driven to cause harm.
Today, I am pleased to announce the latest step in moving our Nation forward in securing our cyberspace with the release of the draft National Strategy for Trusted Identities in Cyberspace (NSTIC). This first draft of NSTIC was developed in collaboration with key government agencies, business leaders and privacy advocates. What has emerged is a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities.
The NSTIC, which is in response to one of the near term action items in the President’s Cyberspace Policy Review, calls for the creation of an online environment, or an Identity Ecosystem as we refer to it in the strategy, where individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on. For example, no longer should individuals have to remember an ever-expanding and potentially insecure list of usernames and passwords to login into various online services. Through the strategy we seek to enable a future where individuals can voluntarily choose to obtain a secure, interoperable, and privacy-enhancing credential (e.g., a smart identity card, a digital certificate on their cell phone, etc) from a variety of service providers – both public and private – to authenticate themselves online for different types of transactions (e.g., online banking, accessing electronic health records, sending email, etc.). Another key concept in the strategy is that the Identity Ecosystem is user-centric – that means you, as a user, will be able to have more control of the private information you use to authenticate yourself on-line, and generally will not have to reveal more than is necessary to do so.
The Department of Homeland Security (DHS), a key partner in the development of the strategy, has posted the draft NSTIC at www.nstic.ideascale.com. Over the next three weeks (through July 19th), DHS will be collecting comments from any interested members of the general public on the strategy. I encourage you to go to this website, submit an idea for the strategy, comment on someone else’s idea, or vote on an idea. Your input is valuable to the ultimate success of this document. The NSTIC will be finalized later this fall.
Thank you for your input!
Howard A. Schmidt is the Cybersecurity Coordinator and Special Assistant to the President
Leave a Reply