Identity is the cornerstone for Cybersecurity

The security in any transaction comes from knowing exactly with whom one is doing business. Cyberspace is no different. Knowing the person on the other side of the network is who they claim to be is critical for our underlying economic and network security. Identity management offers the ability to know who specifically is authorized to access information and networks.

Both the report Securing Cyberspace for the 44th President issued by Center for Strategic and International Studies (CSIS) issued in December 2008 and the White House Cyberspace Policy Review released in May 2009 highlight identity as a key element in ensuring only those that are authorized can gain access to sensitive and secure networks.

CSIS - Securing Cyberspace for the 44th President

  1. US should make strong authentication of identity, based on robust in-person proofing and thorough verification of devices, a mandatory requirement for critical cyber infrastructure
  2. Anonymity is important but weak online identification is inappropriate in circumstances where all legitimate parties to a transaction desire robust authentication of identity.
  3. Weak identification and authentication limit an organization’s ability to enforce security policies to protect sensitive information and systems, and it hinders effective governmental and industry response to cyber attacks.
  4. Implementing a digital credentials for transactions could reduce fraud while increasing security and privacy protection.

White House - Cyberspace Policy Review:

  1. Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interest, leveraging privacy enhancing technologies for the Nation.
  2. Identity management also has the potential to enhance privacy through additional protection against the inappropriate release of personal identifiable information.
  3. Increased use of on-line transactions involving financial, health and commerce require a basis for building trust between the parties to a transaction
  4. The Federal Government should ensure resources are available for full federal implementation of HSPD-12.
  5. The Federal Government should consider extending the availability of federal identity management systems to operators of critical infrastructure and to private sector emergency response and repair service providers for use during national emergencies.

It is with these findings and information in mind that the Secure ID Coalition agrees with Robert Lentz, Deputy Assistant Secretary of Defense for Cyber, Identity and Information Assurance, more needs to be done to protect identity and protect critical infrastructure networks. We support the appointment of a Cyber Czar to address identity as reducing anonymity is key to ensuring security and resiliency of the network. We also support a date certain for full implementation of HSPD-12 for logical access to computer networks not only for all federal government employees and contractors but, also critical infrastructure personnel. Finally, we encourage the support of HSPD-12 as an underlying standard for State and Local governments to meet cybersecurity requirements under any grant or funding program.

Learn How

Secure ID News to Know

  • Making Medicare Smart

    Today the House of Representatives took a significant step forward to protect seniors and ensure the solvency of the Medicare program by unanimously passing the bipartisan Fighting Fraud to Protect Senior Care Act – HR.6690. The bill calls for a pilot program to test modernizing the Medicare card by incorporating smart card technology to prevent waste, fraud and abuse.

    This landmark program will enable front-end authentication of Medicare beneficiaries and providers at point of care and support back-end data analytics to ensure transactions are legitimate. The Government Accountability Office estimates that such a program can positively impact over 22% of all Medicare improper payment and fraud cases. With Medicare waste, fraud, and abuse costing US taxpayers an approximated $60 billion every year, the Fighting Fraud to Protect Senior Care Act will help prevent over $13.2 billion from being lost on a yearly basis.

    We thank Congressman Peter Roskam and Congressman Earl Blumenauer for their heroic effort to protect Medicare for all Americans: beneficiaries, providers, and taxpayers alike.

  • The Five Things IoT Manufacturers Can Do To Future-Proof the Industry

    If there’s one thing that we’ve learned over the past few days since the Internet of Things (IoT) distributed-denial-of-service attack (DDoS) attack gave the Internet brain freeze last Friday is that (1) IoT devices are insecure, (2) we have a really good idea what needs to be done to make them more secure, yet (3) it’s hard to get everyone on the same page in dedicating the resources to actually make them more secure.

    While that might seem like a stark truth, it only makes sense given how our economy and legal system works. Since no one company or device was responsible for allowing the attack, there’s no specific organization to shame or blame. Plus, it’s way too easy to point fingers at everyone else in the room and say there was nothing that could’ve been done, as everyone is responsible. Further, security costs money, and at the moment, companies want to pour their resources into grabbing IoT market share, not plugging holes that may or may not cause problems downstream. Unfortunately, this kind of thinking invites regulators and legislators to step in and attempt to dictate technology standards and best practices to address harms, both real and imagined.

  • Patient Identity: Getting Back to Basics for National Health IT Week

    Monday kicked off National Health IT week! While the United States has made progress in moving towards a more modern healthcare system, significant work remains. There’s no disputing that our medical device and health technology companies are the most advanced on the planet, developing the solutions that are diagnosing diseases earlier, expanding treatment options, and improving quality of life. However, when it comes to healthcare and identity—making sure that the correct data is associated with the right patient, and ensuring that that information is able to be shared, analyzed, and acted upon in a timely fashion—the United States lags woefully behind many other developed nations.