National Strategy for Online Identification

Tuesday, August 17, 2010

Robert Siciliano

37d5f81e2277051bc17116221040d51c

The Internet has become a fundamental aspect of most of our lives. It goes beyond social media, online shopping, and banking. Critical infrastructures like water, sewer, electricity, and even our roadways all rely on the Internet to some degree.

The Internet’s weak link is the difficulty in reliably identifying individuals. When online, our identities are determined by IP addresses, cookies, and various “keys” and passwords, most of which are susceptible to tampering and fraud.

We need a better strategy. Howard A. Schmidt, the Cybersecurity Coordinator and Special Assistant to the President, points to The National Strategy for Trusted Identities in Cyberspace (NSTIC), which was developed in response to one of the near term action items in the President’s Cyberspace Policy Review.

The NSTIC calls for the creation of an online environment where individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the infrastructure that facilitates the transaction.

The primary goal is to build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the nation.

The National Strategy for Trusted Identities in Cyberspace is a document released to the public for comment. The Department of Homeland Security has posted the draft at www.nstic.ideascale.com, and will be collecting comments from any interested members of the general public.

Offline, there are currently dozens of identification technologies in play that go beyond the simplicity of Social Security numbers, birth certificates, drivers licenses, and passports These include smart cards, mobile phones, biometrics such as facial recognition, ear canal recognition, fingerprints, hand geometry, vein recognition, voice recognition, and dynamic biometrics among others.

In a future post, we will go into more details on each. However, there is not a consistent standard in the United States to date. In the near future, we may be the adoption of some of these technologies to properly identify who is who.

Robert Siciliano, personal security adviser to Just Ask Gemalto, discusses credit card fraud  on NBC Boston (Disclosures)


Possibly Related Articles:
4442
Privacy
Privacy
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.