Identity is the cornerstone for Cybersecurity
The security in any transaction comes from knowing exactly with whom one is doing business. Cyberspace is no different. Knowing the person on the other side of the network is who they claim to be is critical for our underlying economic and network security. Identity management offers the ability to know who specifically is authorized to access information and networks.
Both the report Securing Cyberspace for the 44th President issued by Center for Strategic and International Studies (CSIS) issued in December 2008 and the White House Cyberspace Policy Review released in May 2009 highlight identity as a key element in ensuring only those that are authorized can gain access to sensitive and secure networks.
CSIS - Securing Cyberspace for the 44th President
- US should make strong authentication of identity, based on robust in-person proofing and thorough verification of devices, a mandatory requirement for critical cyber infrastructure
- Anonymity is important but weak online identification is inappropriate in circumstances where all legitimate parties to a transaction desire robust authentication of identity.
- Weak identification and authentication limit an organization’s ability to enforce security policies to protect sensitive information and systems, and it hinders effective governmental and industry response to cyber attacks.
- Implementing a digital credentials for transactions could reduce fraud while increasing security and privacy protection.
White House - Cyberspace Policy Review:
- Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interest, leveraging privacy enhancing technologies for the Nation.
- Identity management also has the potential to enhance privacy through additional protection against the inappropriate release of personal identifiable information.
- Increased use of on-line transactions involving financial, health and commerce require a basis for building trust between the parties to a transaction
- The Federal Government should ensure resources are available for full federal implementation of HSPD-12.
- The Federal Government should consider extending the availability of federal identity management systems to operators of critical infrastructure and to private sector emergency response and repair service providers for use during national emergencies.
It is with these findings and information in mind that the Secure ID Coalition agrees with Robert Lentz, Deputy Assistant Secretary of Defense for Cyber, Identity and Information Assurance, more needs to be done to protect identity and protect critical infrastructure networks. We support the appointment of a Cyber Czar to address identity as reducing anonymity is key to ensuring security and resiliency of the network. We also support a date certain for full implementation of HSPD-12 for logical access to computer networks not only for all federal government employees and contractors but, also critical infrastructure personnel. Finally, we encourage the support of HSPD-12 as an underlying standard for State and Local governments to meet cybersecurity requirements under any grant or funding program.
Secure ID News to Know
If there’s one thing that we’ve learned over the past few days since the Internet of Things (IoT) distributed-denial-of-service attack (DDoS) attack gave the Internet brain freeze last Friday is that (1) IoT devices are insecure, (2) we have a really good idea what needs to be done to make them more secure, yet (3) it’s hard to get everyone on the same page in dedicating the resources to actually make them more secure.
While that might seem like a stark truth, it only makes sense given how our economy and legal system works. Since no one company or device was responsible for allowing the attack, there’s no specific organization to shame or blame. Plus, it’s way too easy to point fingers at everyone else in the room and say there was nothing that could’ve been done, as everyone is responsible. Further, security costs money, and at the moment, companies want to pour their resources into grabbing IoT market share, not plugging holes that may or may not cause problems downstream. Unfortunately, this kind of thinking invites regulators and legislators to step in and attempt to dictate technology standards and best practices to address harms, both real and imagined.Read more...
Monday kicked off National Health IT week! While the United States has made progress in moving towards a more modern healthcare system, significant work remains. There’s no disputing that our medical device and health technology companies are the most advanced on the planet, developing the solutions that are diagnosing diseases earlier, expanding treatment options, and improving quality of life. However, when it comes to healthcare and identity—making sure that the correct data is associated with the right patient, and ensuring that that information is able to be shared, analyzed, and acted upon in a timely fashion—the United States lags woefully behind many other developed nations.Read more...
The Secure ID Coalition is thrilled to announce the launch of its new Action Center to build grassroots support for the Medicare Common Access Card Act (H.R.3220/S.1871), a bipartisan measure in Congress that will upgrade the current paper Medicare card with the same secure, electronic smart card trusted by the Department of Defense to authorize access to its most secure IT systems and facilities—including the Pentagon.
Members of Congress have begun to recognize that if we are going to get serious about stopping Medicare fraud, we have to start by modernizing the current paper Medicare card. Last week Bloomberg BNA reported on the latest efforts by members of the House Ways & Means Committee to bring Medicare into the 21st Century by upgrading the Medicare Card. The article summarized efforts in last week's House Ways & Means Committee hearing in which Rep. Peter Roskam highlighted the Medicare Common Access Card Act (click here to watch Rep. Roskam tackle the issue head on).Read more...