Commerce announces new shop to oversee online security

Office will coordinate public-private efforts to better protect electronic transactions for people and organizations.

The Obama administration is creating an office that will coordinate with the private sector to establish a secure pathway for people, organizations and computer programs to execute online transactions, Commerce Secretary Gary Locke announced on Friday.

The office will be part of a credentialing initiative outlined in President Obama's 2009 cyberspace policy review. Obama is expected to finalize the National Strategy for Trusted Identities in Cyberspace "in the coming months," Locke said. The system is intended to verify the identities of individuals, organizations and applications so they can have confidence in one another when exchanging personal or sensitive information.

"We need the private sector's expertise and its involvement in designing, building and implementing this identity ecosystem," Locke told executives in Silicon Valley at a forum sponsored by the Stanford Institute for Economic Policy; the National Science Foundation's Team for Research in Ubiquitous Secure Technology (TRUST); and industry groups TechAmerica, TechNet and the Churchill Club.

"To succeed, we will also need a National Program Office at the Department of Commerce that is focused on implementing the trusted identities strategy," he added.

The new program office also will collaborate with the Homeland Security Department and the General Services Administration to build consensus on regulations aimed at maintaining privacy, free expression and open markets, Commerce officials said. In addition, it will work with industry to identify areas potentially in need of new standards, and will encourage pilot projects to implement the trusted identities concept.

Locke and White House cyber czar Howard Schmidt, also in attendance, stressed the program will be voluntary and will not aimed at tracking the online movements of individuals.

"It's a world that has options," Schmidt said. "I don't have to get a credential if I don't want to. If I want to get a credential, I don't have to use it all the time. "

Locke said, "Let's be clear. We are not talking about a national ID card. We are not talking about a government-controlled system."

The problem the strategy is trying to address is the difficulty of memorizing dozens of passwords to securely engage in online activities, from banking to blogging. Schmidt noted many people use weak, obvious passwords so they don't have to worry about remembering so many; they don't change their passwords; and many use the same password for every website.

TechAmerica officials welcomed the announcement of a new point of contact in the executive branch for companies to provide feedback on this security approach.

"The government has clearly recognized that the tech industry must drive implementation of the national strategy," TechAmerica President Phil Bond said in a statement. "We call upon the government to establish an even stronger public-private partnership by creating a private sector advisory committee for the program office."

The office will be housed within Commerce's National Institute of Standards and Technology.

Sen. Barbara A. Mikulski, D-Md., chairwoman of the Appropriations Subcommittee on Commerce, Justice and Science, said in a statement: "I will be an active partner with Secretary Locke, NIST Director Gallagher and Cybersecurity Coordinator Schmidt to implement this important program. I can think of no better place than the National Institute of Standards and Technology for this important initiative to be housed."