Going After Security's Low-Hanging FruitVideo: Howard Schmidt Champions Online Trusted Identities
White House Cybersecurity Coordinator Howard Schmidt's pet IT security project is the National Strategies on Trusted Identities in Cyberspace, commonly known as NSTIC (pronounced en-stick).
NSTIC envisions an Internet ecosystem in which people can choose from a marketplace of trusted credentials that prove their identities so they can transact business safely online [see A Plan to Improve Online Security].
Why now? Creating trusted identities can be accomplished by employing existing resources, "low-hanging fruit," Schmidt says in a video interview with Information Security Media Group.
"It's something we should accomplish relatively easily," Schmidt says. "The technology exists today. Everybody wants to have an easier time managing their identities, so this is something we said would be a good way to do it, something that private sector can sort of take a lead on this, and help us build this ecosystem."
In the interview taped at the RSA 2012 security conference, Schmidt says NSTIC should help chief information officers and chief information security officers of all types of enterprises implement identity management solutions beyond usernames and passwords.
"Not everyone wants to build their own," Schmidt says. "To build that infrastructure, say in a medium-size corporation, there is some expense to go with it. If they can create an environment, where they can accept someone else's credentials for their employees, so they use the same thing for their stock purchase, their health benefits, their HR internally, it's much easier if someone else is building it; you can just benefit from that. The scale in use that we see in creating the ecosystem is going to make the jobs of the CISOs and CIOs in organizations a lot easier, a lot more cost effective."
In the interview, Schmidt discusses how:
- NSTIC's would be governed, and the roles the private sector and government should play in creating a more secure Internet ecosystem.
- Smartcards, tokens, USB drives and mobile devices could be utilized as trusted credentials.
- Privacy can be protected though trusted identities.
President Obama named Schmidt as special assistant to the president and White House cybersecurity coordinator in late 2009; he started his job as cybersecurity coordinator in January 2010.
Also see the video Schmidt Hopeful on Bill's Passage.