Cyberspace has security problems, and the U.S. government is trying to do something about it. The National Strategy for Trusted Identities in Cyberspace (NSTIC) is promoting a plan and taking actions to move citizens beyond usernames and passwords to more powerful methods of authentication. In recent years, massive data theft has occurred in the cyber realm. Even strong passwords are vulnerable to hackers.
Identities are difficult to verify online, forcing many government and civilian transactions to occur in person to satisfy security needs. Furthermore, the complexity of having multiple passwords for myriad accounts means that many people abandon using certain Web services instead of going through the process to recover passwords they forget. Trusted identification could provide the foundation for a solution, explained Dr. Michael Garcia, deputy director, NSTIC National Program Office, National Institute of Standards and Technology (NIST), at the Biometric Consortium Conference.
To illustrate his point, Garcia explained that the U.S. Defense Department’s intrusion rate dropped 46 percent after the organization banned passwords in favor of common access cards with public key infrastructure. Costs, policy and other barriers prevent certain groups from following this model, however. The NSTIC has within it the idea of an identity ecosystem that will improve online trust. Officials believe the marketplace exists for such technology. Industry will lead the way with government serving as a convener, facilitator and catalyst, Garcia said. The private sector must determine how to build an ecosystem in which it can swap out technologies for various reasons.