recommended reading

White House to unveil revised ID management plan Friday

"We should not have to dramatically change the way we do business," cyber chief Howard Schmidt said.Flickr user hubertk

The White House on Friday will release the second draft of a plan for managing identities in cyberspace, President Obama's cyber chief said during a conference in Washington.

The latest version of the National Strategy for Trusted Identities in Cyberspace will build on existing efforts to ensure people, organizations and computers are who they claim to be on the Internet, according to Howard Schmidt, White House cyber coordinator. Those include the George W. Bush administration's Homeland Security Presidential Directive 12, which established a common identification standard for federal employees and contractors to access government buildings and computers, and a requirement to add authentication tools to federal websites to prevent hackers from hijacking Internet traffic and redirecting it to bogus sites.

"We should not have to dramatically change the way we do business," Schmidt said in a keynote address at the Symantec Government Symposium on Tuesday. "This should be a natural path forward."

The plan will focus on identity management at the transaction level -- for instance, when people access electronic health records, conduct online banking, purchase items over the Internet, or send an e-mail.

"Everyone in my office digitally signs e-mail," Schmidt noted. "How does that help? If I see 110 e-mails with a digital signature attached, I know they're trusted. I can then focus on those other 10 e-mails [to figure out], 'Is this who it says it is?' It narrows the scope."

One hurdle will be ensuring existing policies are implemented properly. Established by President Bush in 2004, HSPD-12 experienced numerous logistical and technological challenges that led to significant delays. The Obama administration has barely mentioned the initiative.

"When I ask people about their card, they say, 'Yes I got it,' " Schmidt said. "And then I ask the question, 'Do you use it?' And they say that they don't know what to do with it, or [their agency] has not been issued a smart card reader" for scanning credentials when they enter federal buildings or log on to networks.

"We need to figure out how we get those things to work at the national level," he added.

The national plan will seek tested solutions that are interoperable, cost effective and enhance privacy by limiting the amount of personal information needed to complete transactions online.

To do that, Schmidt said the plan will require what he called an "identity ecosystem" that brings together government, industry and academia to design and build a solution that uses both new and existing infrastructure, and then to establish processes for effectively managing the solution.

"This strategy cannot exist in isolation; it's going to take a commitment," Schmidt said, noting that it is one piece of a much bigger strategy to enhance the security of computer networks and systems.

"I'm very positive about where we're going," he said. "I think we are better. If we weren't, it means all the work is for naught, and I don't believe that for a moment."

The administration will use Web 2.0 technologies to enable online feedback on the latest draft of the plan, according to Schmidt.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.