Cyberspace is, “the interdependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries. Common usage of the term also refers to the virtual environment of information and interactions between people” as defined by the National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/HSPD23).
On June 25, 2010, via the White House blog, a draft release of National Strategy for Trusted Identities in Cyberspace (NSTIC) was announced. It was described as, “a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities.”
NSTIC, “calls for the creation of an online environment [...] where individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on.”
On January 7, 2011, Howard A. Schmidt, Cybersecurity Coordinator and Special Assistant to the President, and Commerce Secretary Gary Locke announced that the National Program Office (NPO) will be moving forward with the national identity program which is expected to be implemented within months.
“We have a major problem in cyberspace, because when we are online we do not really know if people, businesses, and organizations are who they say they are” Schmidt stated via The White House Blog.
One goal of the NSTIC is to “reduce inefficient identification procedures” and improve security and privacy. This would involve getting credentials from various online providers, such as a digital certificate, to prove individuals and websites are who they say they are when performing transactions, online banking, accessing personal information and records, and sending email. The NPO envisions a process where you sign in once and move among your sites without signing in each time. Details are vague, but users will have control over how much information they input and whether they want to surf verified or log out and remain anonymous.
A big question this all brings up is, what happens if someone hacks into or steals your online identity. Now they don’t just have your password, computer or phone–they’ve got your “digital certificates” verifying your identity and possibly allowing thieves to float among your financial sites. It seems like a lot of damage could occur pretty quickly. I can just hear the banks and credit reporting agencies now–”but you were logged in using your verified national identity.”
Identity Ecosystem–Sounds Gritty
This new world, as envisioned in the NSTIC is called the Identity Ecosystem. With the help of some in the private sector, Schmidt states, “Now is the time to move forward with our shared vision of a better, more secure cyberspace.”
Here is a link to the Cyperspace Policy Review.
Schmidt, Howard A. “The National Strategy for Trusted Identities in Cyberspace.” The White House Blog. 25 June 2010. Web. 12 Jan. 2011.
Schmidt, Howard A. “A National Program Office for Enhancing Online Trust and Privacy.” The White House. 7 Jan. 2011. Web. 12 Jan. 2011.
Let us know what you think? Is this new program too intrusive? Should the government focus more on securing infrastructure and less on personal interactions and business? Or is this a change that is long over due?