One year on: how NSTIC is developing an ecosystem for online trusted identities
It is almost one year since the US government initiative National Strategies on Trusted Identities in Cyberspace (NSTIC) was established to drive secure, user-focused online identity solutions which can also enable effective commercial and public sector operations.
In a recent video interview by Gov Info Security, White House Cybersecurity Coordinator for NSTIC Howard Schmidt explains how the strategy is developing an ecosystem for trusted identities online.
The problem with our digital identities
Schmidt talks about the weakness of our current digital identities, which are embodied in the username and password combination and leave us vulnerable to identity theft and fraud. He goes on to explain that in the physical world the driver's licence and passport are our forms of ID, because they match us to something and we have control over them. What we are missing is an equivalent means of identity verification and authentication on the web.
The pressure is on to solve this growing problem as fraud relating to identity theft, impersonation and false documentation dramatically increases, and global trade is compromised because we simply cannot trust online.
We see this daily, from our participation in industry discussions, to listening to businesses about the limitations of not being able to verify their customers purely online, and media reports of the increasing need to protect our identities on our social networks from ID theft, fraud and imposters.
Trusted identity initiatives
Understanding that the traditional risk-based approach (which says we are ‘likely’ or ‘unlikely’ to be that person depending on how much is known about us) is not enough, NSTIC is looking to work with the private sector to develop new solutions to prove we are who we say we are online.
The following three areas of focus for NSTIC will form an ecosystem around our digital identities:
- Increased security using one-time passwords, mobile devices and smart cards for authentication across multiple applications to reduce account hijacking.
- Proving identity for transactions, for example so that an ecommerce business can be sure that it really is you making a purchase and not someone pretending to be you.
- Digital signatures for email to reduce malware and phishing attacks.
Interestingly, Schmidt sees the privacy issue surrounding our personal information held by social networks dissolving as these sites start accepting new means of identity verification and authentication, or as Schmidt puts it, confirmation 'I'm not a dog', when we sign up.
The update from NSTIC provides further validation for miiCard. As we do more on the web we need to be able to trust each other, and as a pioneering company for Trust Online this is a very exciting time for us.
Watch the interview with Howard Schmidt here.