When we hear the word “cyberspace” most of us think of our little world on the Internet, but it’s much more than that.
Cyberspace is, “the interdependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries. Common usage of the term also refers to the virtual environment of information and interactions between people” as defined by the National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/HSPD23).
On June 25, 2010, via the White House blog, a draft release of National Strategy for Trusted Identities in Cyberspace (NSTIC) was announced. It was described as, “a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities.”
In June it was just a “draft,” but on January 7, 2011, Howard A. Schmidt, Cybersecurity Coordinator and Special Assistant to the President, and Commerce Secretary Gary Locke announced that the National Program Office (NPO) will be moving forward with a national identity program, expected to be implemented within months. In fact, some of you may have already been asked to participate in a test group.
“We have a major problem in cyberspace, because when we are online we do not really know if people, businesses, and organizations are who they say they are” Schmidt stated via The White House Blog.
One goal of the NSTIC is to “reduce inefficient identification procedures” and improve security and privacy. This would involve getting credentials from various online providers, such as a digital certificate, to prove individuals and websites are who they say they are when performing transactions, online banking, accessing personal information and records, and sending email. The NPO envisions a process where you sign in once and move among your sites without signing in each time. Details are vague, but users will have control over how much information they input and whether they want to surf verified or log out and remain anonymous.
A big question this all brings up is, what happens if someone hacks into or steals your online identity. Now they don’t just have your password, computer or phone–they’ve got your “digital certificates” verifying your identity and possibly allowing thieves to float among your financial sites. It seems like a lot of damage could occur pretty quickly. I can just hear the banks and credit reporting agencies now–“but you were logged in using your verified national identity.”
Identity Ecosystem–Sounds Gritty
This new world, as envisioned in the NSTIC is called the Identity Ecosystem. With the help of some in the private sector, Schmidt states, “Now is the time to move forward with our shared vision of a better, more secure cyberspace.”
Here is a link to the Cyperspace Policy Review.
Schmidt, Howard A. “The National Strategy for Trusted Identities in Cyberspace.” The White House Blog. 25 June 2010. Web. 12 Jan. 2011.
Schmidt, Howard A. “A National Program Office for Enhancing Online Trust and Privacy.” The White House. 7 Jan. 2011. Web. 12 Jan. 2011.
Let us know what you think? Is this new program too intrusive? Should the government focus more on securing infrastructure and less on personal interactions and business? Or is this a change that is long over due?