recommended reading

Verizon becomes first firm to offer certified online ID protection

Verizon has become the first company certified to offer high-level online identity protection for federal personnel and visitors to dot-gov websites, officials at the telecommunications firm announced Monday morning.

With agencies under budgetary pressure to move services online and data breaches spiking, ID providers are vying to offer departments, as well as businesses, easy, affordable means of ensuring people are who they say they are online. Verizon officials said the win opens the door for potential contracts with the Internal Revenue Service and other agencies that require a high level of ID trustworthiness for transactions, such as filing taxes directly through IRS.gov.

Until now, companies, including Google and Equifax, met the federal government's criteria for offering websites only the lowest of four "levels of assurance" -- Level 1, which simply confirms a username and password. Level 3 assurance, which Verizon now carries, requires checking a second piece of identifying data, such as a smart card containing personal information and biometric fingerprints.

"We are the first and only identity provider that's been certified at Level 1, 2 and 3," Verizon's chief identity strategist Tracy Hulver said.

During the past year, a number of government officials have had their personal and professional email credentials held hostage by hackers with a grudge, most recently at the United Nations. Some security experts say a two-step ID validation process may have quashed an invasion by hacktivists of the U.N.'s mail server.

Outsourcing credentialing to trusted ID providers could further shield federal employees from identity theft, Hulver said. "It greatly reduces the likelihood that someone is trying to pose as you," he added.

Commercial IDs allow Internet users to log in with one set of credentials on many sites without having to register their Social Security numbers across the Internet -- an added privacy bonus, say some civil liberties advocates. Several prominent agencies, including the IRS and Veterans Affairs Department, have dismal track records in securing personal information in-house, according to government audits.

The White House recently issued a directive ordering all federal agencies launching or upgrading Level 1 dot-gov sites to offer citizens the option of opening accounts using their existing commercial credentials. For example, visitors on CPSC.gov would be able to register through their Gmail accounts to receive recall updates from the Consumer Product Safety Commission. The Oct. 6 memo stated that departments only have to offer the type of sophisticated ID verification that Verizon now supplies "where appropriate and as resources permit."

Equifax is applying to become a certified Level 2 and Level 3 provider for the government, according to officials at Anakam, Equifax's identity proofing unit. The Obama administration this spring released a plan for linking together all ID providers in an "identity ecosystem," akin to a credit card payment system for verifying online IDs. The main hang-up with the National Strategy for Trusted Identities in Cyberspace, is not the technology, but rather universal buy-in from Internet companies, governments, businesses and consumers, according to administration officials. Verizon executives said they are committed to moving forward on the endeavor with competitors, including Google, McAfee and others.

By subscribing to Verizon's Level 3 services, federal customers essentially would hand over ID management to the company, including the work of enrolling users' personal data, distributing logins securely to them, and verifying those credentials for each transaction, Verizon officials said. Agencies would have the option of buying physical tokens for users or one-time passwords sent to their cellphones. Currently, no vendors are certified to provide the strongest layer of protection, Level 4, which requires a user to prove his or her identity in person before obtaining credentials.

Hulver said the cost of Verizon's offerings vary based on the size of a department's user base. A small, 50,000-person agency could pay between $8 and $20 per user. A department as big as the IRS, with hundreds of millions of users, may be charged $1 per person because the more users, the lower the unit cost of providing the service.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.