This site contains information from January 2009-December 2014. Click HERE to go the CURRENT website.

U.S. Commerce Secretary Gary Locke, White House Cybersecurity Coordinator Howard A. Schmidt Announce Next Steps to Enhance Online Security, Planned National Office for Identity Trust Strategy

Friday, January 7, 2011

Planned office will foster private-sector collaboration in growing confidence, privacy and convenience in online transactions


At a forum with Silicon Valley business and academic leaders at Stanford University, U.S. Commerce Secretary Gary Locke and White House Cybersecurity Coordinator Howard A. Schmidt today announced plans to create a National Program Office to help foster an environment in which sensitive online transactions can be carried out with greater levels of trust.

The National Program Office, to be established within the Department of Commerce, would coordinate federal activities needed to implement the National Strategy for Trusted Identities in Cyberspace (NSTIC), an Obama administration initiative aimed at establishing identity solutions and privacy-enhancing technologies that will make the online environment more secure and convenient for consumers.  The national office would serve as the point of contact to bring the public and private sectors together to meet this challenge.

“The Internet will not reach its full potential until users and consumers feel more secure and confident than they do today when they go online,” Locke said. “A coordinated national strategy to significantly improve online trust will put e-commerce on stronger footing. The National Program Office will engage the best minds in the field from both the public and private sectors to give people greater confidence that their personal information is safe when they engage in online transactions.”

“With the full participation of industry and the general public, NSTIC plans to nurture the development of a secure and privacy-enhancing ‘identity ecosystem’ for the Internet,” Schmidt said. “This identity ecosystem would instill greater confidence in online transactions with less personal information being collected and stored with each transaction, lowering the risk of identity theft.”

Created in response to President Obama’s Cyberspace Policy Review, NSTIC is a key building block in the national effort to secure cyberspace.  NSTIC strives to enhance online trust through increased security and privacy.  It focuses on improving the ability to authenticate individuals, organizations, and the underlying infrastructure, such as servers and routers, involved in sensitive online transactions. At the same time, it provides consumers a choice - those who want to remain anonymous for activities like blogging will continue to be able to do so. Online service providers that opt in to such a system would follow a set of security and privacy guidelines.

NSTIC’s anticipated benefits for consumers include increased convenience, security and privacy.  For example, implementation of NSTIC would allow users the option to obtain secure, interoperable credentials from a range of service providers that would authenticate their identity for a variety of transactions such as banking, accessing electronic health records and ordering products. This would simplify these transactions for users and reduce the amount of private information users must reveal to the many organizations they deal with online. Such a marketplace will ensure that no single credential or centralized database can emerge.

In the NSTIC vision, businesses would enjoy new market opportunities, with the ability to deliver services and transactions previously considered too risky.  Government would be able to expand online services for constituents, so they can operate with greater efficiency and transparency; remove impediments to e-commerce; and increase public safety by bolstering the integrity of networks and systems.

As the Federal coordinator, the National Program Office would collaborate with other Federal partners, including the Department of Homeland Security and the General Services Administration on NSTIC implementation. The National Program Office would work to:

  • Build consensus on legal and policy frameworks necessary to achieve the NSTIC vision, including ways to enhance privacy, free expression and open markets;
  • Work with industry to identify where new standards or collaborative efforts may be needed;
  • Support collaboration within the government; and
  • Promote important pilot projects and other NSTIC implementations.

E-commerce worldwide is estimated at $10 trillion of business online annually.  E-commerce sales for the third quarter of 2010 were estimated at over $41 billion; up 13.6 percent over the same period last year.

“Identity theft is rampant and growing.  Increasingly sophisticated cyber hackers and thieves continue to steal personal information, bank account data and proprietary information. The NSTIC will take important steps forward to enhance the trust of user and consumer confidence in all of their online transactions,” said U.S. Senator Barbara A. Mikulski.   

Senator Mikulski, who chairs the Commerce, Justice, Science subcommittee on Appropriations, added “I will be an active partner with Secretary Locke, NIST Director Gallagher and Cybersecurity Coordinator Schmidt to implement this important program.  I can think of no better place than the National Institute of Standards and Technology for this important initiative to be housed.”

“Establishing this office represents an important step in the process of protecting the security and privacy of online transactions, said U.S. Senator John D. Rockefeller IV, Chairman of the Senate Committee on Commerce, Science and Transportation. “ It’s a critical piece of the larger cybersecurity puzzle.  I look forward to working with the Administration this year in enacting comprehensive legislation that will address the challenges we face in securing cyberspace.”

Later this year, the Commerce Department plans to hold a workshop to highlight the existing initiatives in this strategy.  Representatives from industry, academia, civil society organizations, standards-setting organizations, and all levels of government will be encouraged to attend and collaborate on the development of an interoperable identity ecosystem.