09 December, 2008
Identity management and smart cards play a role in protecting the Web.
The Center for Strategic and International Studies’ Technology and Public Policy Program released a report with recommendations on what President-Elect Barack Obama should do to secure cyberspace. Identity management and the use of smart cards make up a section of the commission's recommendations.
“Nearly every day our nation is discovering new threats and attacks against our country’s networks,” the report states. “Inadequate cybersecurity and loss of information has inflicted unacceptable damage to U.S. national and economic security. The president of the United States must know what these threats are and how to respond to them.”
The commission started its work in August 2007 to review existing plans and determine what a new administration should do. It issued three major findings:
- Cybersecurity is now a major national security problem for the United States.
- Decisions and actions must respect privacy and civil liberties.
- Only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will make us more secure.
The commission released a list of 25 recommendations, one of which is to create a National Office for Cyberspace and four of which deal with identity management. The report says:
- The United States should make strong authentication of identity, based on robust in-person proofing and thorough verification of devices, a mandatory requirement for critical cyber infrastructures (energy, finance, government services). The president should direct the National Office for Cyberspace and appropriate agencies, using the federated regulatory model and consulting with industry and the privacy and civil liberties community, to implement critical infrastructure authentication. The president should receive a report on progress within six months.
- The United States should enable consumers to use strong government-issued credentials, or commercially issued credentials based on them, for online activities, consistent with protecting privacy and civil liberties.
- In a related initiative, the Federal Trade Commission (under its authority under Section 5 of the FTC Act or the Gramm-Leach-Bliley Act) should implement regulations that protect consumers by preventing businesses and other services from requiring strong government-issued or commercially issued credentials for all online activities by requiring businesses to adopt a risk-based approach to credentialing.
- The president should, by the end of the first year of the presidential term, require every agency to report on how many of their employees, contractors, and grantees are using credentials that comply with HSPD-12 and restrict bonuses or awards at agencies that have not fully complied.