In The News: The National Strategy for Trusted Identities in Cyberspace

Every long journey begins with a first step, and the US Government has announced the beginning of a long journey to make the Internet safer for all of us to transact business. The White House Cyber Security Coordinator and Special Assistant to the President, Howard Schmidt, announced a draft plan for improving online privacy and security through the use of a trusted digital identity system. The National Strategy for Trusted Identities in Cyberspace (NSTIC), whose objective is to improve cyberspace for all those who conduct business online, was made public on June 25, 2010. It’s in draft form and comments are encouraged from anyone with suggestions to improve it.

This strategy has been developed because cyber crime, especially against business transactions conducted online, has become pervasive throughout the Internet, and we can no longer completely trust that a transaction will be safely and securely completed.

This problem is enabled by the current design of the Internet. It was originally designed on the principle of trust, among researchers who knew each other. And they kept it open and shared. However, those same principles of openness and trust allow cyber criminals to operate freely with anonymity because the Internet has no built-in mechanisms for knowing, with any certainty, who sent what or who has just stolen your data.

This new strategy seems to have merit in that its design is based on sound security principles, it’ll be governed by standards, there is a reasonable plan, albeit high-level at this time, and it’s going to be supported by the US Government. On the downside, I can see potential issues such as the cost of the smart identity cards and the hardware to read them, how well the global community will adopt the strategy, the safety of the smart identity cards themselves (they’re computer devices) from being hacked or in some way compromised…well, you get the idea. However, all these potential issues can be overcome in time, and I’m optimistic about this program. It surely is a better approach than a complete scrapping of the Internet as we know it and starting over with a new design, as has been studied for several years now.

At first blush, my opinion is that this strategy is a good approach and we should give this document a good read and evaluation. Then, let’s discuss its pros and cons, and those of us who feel so inclined should comment on the draft. I’m not saying it’s a perfect solution, but we must do something to make the Internet safer. I’d say let’s take this first step on the journey.

Take a look at the document and let me hear your comments and opinions; we all learn from each other when our views and opinions are shared.


Remember, home computing is a blast…keep it productive and enjoyable.

Best regards,



Filed under In the News, Internet, security

8 responses to “In The News: The National Strategy for Trusted Identities in Cyberspace”

  1. Tech Paul,

    There’s nothing wrong with cynicism when it comes to the Internet – except when it gets in the way of a reasoned and considered approach to problem solving. Rather than pointing out the flaws in an approach that could have substantial impact on improving current conditions, a positive and helpful response that takes into account the complex nature of the issue, would be more appropriate, it seems to me.

    I’ve read your previous comments with respect to this issue, and the immutable reality you fail to consider is this – the Internet is NOT going to be reinvented. That is a hard fact.

    Every human endeavor, at every stage of our history and development, has been subject to attack by the criminally inclined. To expect the Internet, either in the present or in the future, to be somehow immune from this is somewhat ingenuous.

    The cards have been dealt – it’s up to us to work within the confines of that reality. Cynicism is hardly a key element in that process.

    • Bill,
      Thanks for your comment. For sure, there are two camps when it comes to improving the Internet; those who want to scrap it and start over and those who think that a more incremental approach is best. I tend to think that the scrapping it and starting over approach is just too expensive, will take too long, and may not work anyway. I’m for developing a thoughtful and workable strategy, this one being a starting point, that will have many aspects to it that will attack many fronts at once…authentication being only one of them. As usual, you bring a very valid opinion to the discussion…thanks for that.

  2. I have a real concern regarding “identity tokens” (seems a trust “transferal” for one thing) as I am just cynical enough to understand that if a system is put up, a certain type of human will figure out a way to exploit and abuse that system. In the case of “cyber identities” who will be first (to exploit and abuse) — the “good” government, or the “bad” cybercriminal?

    But it is only a “draft proposal”.. and I am not expert enough to gauge if the opinion that Authentication is the missing ingredient is the right one. I just have to fall back to that old saw — “Que bene?”
    (It seems to me, the answer is hardly ever “Joe Citizen”.)

    Nice write up, sir!

    • Paul,
      Thanks for stopping by. You make good points. Only time will tell how effective this strategy is. Until it’s vetted and further fleshed out we don’t know how well the threat protection will work. However, it seems to me that we need trust to be introduced into the Internet equation in order to have a fighting chance to reduce the amount of cybercrime; and this may well be the solution. Time will tell.

      • I am only a support and repair tech, but I have read enough to have learned that the “Three Pillars of InfoSec” are C.I.A. (creepy, eh?):

        Confidentiality: Information is disclosed only to authorized persons or organizations.
        Integrity: Information is accurate, authentic, complete and reliable.
        Availability: The systems responsible for delivering, storing and processing information are accessible to authorized users when required.
        The word “authorized” is in there twice, so I am guessing it might be kind of important. I guess the main thing I am wondering about this proposed “Internet ID” token is, who will be the CA? (That might be a nice contract to land.) Will there be dozens? Like there are dozens and dozens of ISPs? Will some of them be criminal-sympathetic? (As there are criminal-sympathetic ISPs.) And with the money these criminals have, how hard would it be for them to buy a CA employee? Or hire people to sign up for tokens for them?
        As I said: I am cynical. I see this as a breakable system glued on to fix a broken system. I will try to be optimistic, and I do applaud the “steps in the right direction”. But I much prefer the approach you have mentioned here before – to go after these guys in such a way as to make being a cyber-criminal a very, very risky and very, very unprofitable career choice.

      • Paul,
        Your points are appropriate and well founded. And I don’t think this strategy, while being a good first step, will fix all the cybercrime problems, nor does it preclude being more “proactive” in going after the bad guys…my opinion. BTW, a bit of cynicism is just what’s needed in the evaluation of this strategy and the problem in general. Thanks for your opinion, and for stopping by.

  3. Hi Paul,

    Governments may not have all the answers to cyber security; nevertheless, this issue is finally showing up on their radar. Resolving the issue will involve a long and painful journey, I suspect, but recognition that resolution is possible is encouraging.


