recommended reading

White House to unveil revised ID management plan Friday

"We should not have to dramatically change the way we do business," cyber chief Howard Schmidt said.Flickr user hubertk

The White House on Friday will release the second draft of a plan for managing identities in cyberspace, President Obama's cyber chief said during a conference in Washington.

The latest version of the National Strategy for Trusted Identities in Cyberspace will build on existing efforts to ensure people, organizations and computers are who they claim to be on the Internet, according to Howard Schmidt, White House cyber coordinator. Those include the George W. Bush administration's Homeland Security Presidential Directive 12, which established a common identification standard for federal employees and contractors to access government buildings and computers, and a requirement to add authentication tools to federal websites to prevent hackers from hijacking Internet traffic and redirecting it to bogus sites.

"We should not have to dramatically change the way we do business," Schmidt said in a keynote address at the Symantec Government Symposium on Tuesday. "This should be a natural path forward."

The plan will focus on identity management at the transaction level -- for instance, when people access electronic health records, conduct online banking, purchase items over the Internet, or send an e-mail.

"Everyone in my office digitally signs e-mail," Schmidt noted. "How does that help? If I see 110 e-mails with a digital signature attached, I know they're trusted. I can then focus on those other 10 e-mails [to figure out], 'Is this who it says it is?' It narrows the scope."

One hurdle will be ensuring existing policies are implemented properly. Established by President Bush in 2004, HSPD-12 experienced numerous logistical and technological challenges that led to significant delays. The Obama administration has barely mentioned the initiative.

"When I ask people about their card, they say, 'Yes I got it,' " Schmidt said. "And then I ask the question, 'Do you use it?' And they say that they don't know what to do with it, or [their agency] has not been issued a smart card reader" for scanning credentials when they enter federal buildings or log on to networks.

"We need to figure out how we get those things to work at the national level," he added.

The national plan will seek tested solutions that are interoperable, cost effective and enhance privacy by limiting the amount of personal information needed to complete transactions online.

To do that, Schmidt said the plan will require what he called an "identity ecosystem" that brings together government, industry and academia to design and build a solution that uses both new and existing infrastructure, and then to establish processes for effectively managing the solution.

"This strategy cannot exist in isolation; it's going to take a commitment," Schmidt said, noting that it is one piece of a much bigger strategy to enhance the security of computer networks and systems.

"I'm very positive about where we're going," he said. "I think we are better. If we weren't, it means all the work is for naught, and I don't believe that for a moment."

The administration will use Web 2.0 technologies to enable online feedback on the latest draft of the plan, according to Schmidt.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.