recommended reading

Commerce announces new shop to oversee online security

The Obama administration is creating an office that will coordinate with the private sector to establish a secure pathway for people, organizations and computer programs to execute online transactions, Commerce Secretary Gary Locke announced on Friday.

The office will be part of a credentialing initiative outlined in President Obama's 2009 cyberspace policy review. Obama is expected to finalize the National Strategy for Trusted Identities in Cyberspace "in the coming months," Locke said. The system is intended to verify the identities of individuals, organizations and applications so they can have confidence in one another when exchanging personal or sensitive information.

"We need the private sector's expertise and its involvement in designing, building and implementing this identity ecosystem," Locke told executives in Silicon Valley at a forum sponsored by the Stanford Institute for Economic Policy; the National Science Foundation's Team for Research in Ubiquitous Secure Technology (TRUST); and industry groups TechAmerica, TechNet and the Churchill Club.

"To succeed, we will also need a National Program Office at the Department of Commerce that is focused on implementing the trusted identities strategy," he added.

The new program office also will collaborate with the Homeland Security Department and the General Services Administration to build consensus on regulations aimed at maintaining privacy, free expression and open markets, Commerce officials said. In addition, it will work with industry to identify areas potentially in need of new standards, and will encourage pilot projects to implement the trusted identities concept.

Locke and White House cyber czar Howard Schmidt, also in attendance, stressed the program will be voluntary and will not aimed at tracking the online movements of individuals.

"It's a world that has options," Schmidt said. "I don't have to get a credential if I don't want to. If I want to get a credential, I don't have to use it all the time. "

Locke said, "Let's be clear. We are not talking about a national ID card. We are not talking about a government-controlled system."

The problem the strategy is trying to address is the difficulty of memorizing dozens of passwords to securely engage in online activities, from banking to blogging. Schmidt noted many people use weak, obvious passwords so they don't have to worry about remembering so many; they don't change their passwords; and many use the same password for every website.

TechAmerica officials welcomed the announcement of a new point of contact in the executive branch for companies to provide feedback on this security approach.

"The government has clearly recognized that the tech industry must drive implementation of the national strategy," TechAmerica President Phil Bond said in a statement. "We call upon the government to establish an even stronger public-private partnership by creating a private sector advisory committee for the program office."

The office will be housed within Commerce's National Institute of Standards and Technology.

Sen. Barbara A. Mikulski, D-Md., chairwoman of the Appropriations Subcommittee on Commerce, Justice and Science, said in a statement: "I will be an active partner with Secretary Locke, NIST Director Gallagher and Cybersecurity Coordinator Schmidt to implement this important program. I can think of no better place than the National Institute of Standards and Technology for this important initiative to be housed."

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.