The U.S. government is increasing its efforts to identify, authenticate and authorize people online. This month it’s releasing a draft of a Strategy for Trusted Identities in Cyberspace proposal that includes promoting a “national identity ecosystem,” in which one option will be national identity cards. Legislators are looking the draft over, but the plan is far along — and, some would argue, comes none too soon.
“Cyberspace — the interdependent network of information technology components that underpins many of our communications — is a crucial component of the nation’s critical infrastructure,” the draft states. “The nation faces a host of increasingly sophisticated threats against the personal, sensitive, financial and confidential information of organizations and individuals.” It then delivers sobering numbers: In 2009 the Internet Crime Complaint Center, or IC3, website received 336,655 complaints, up 22.3% from 2008. The total dollar loss from all the cases referred in 2009 was $559.7 million, up from $264.6 million in 2008.
According to the draft strategy, cybercriminals exploit weak identity solutions for individuals, websites, email and the infrastructure that connects to the Internet. And by “weak,” the draft means passwords. This should come as no surprise to CIOs grappling with federated identity and single sign-on for managing identities in their hybrid cloud environments. It will be worth watching the evolution of a national identity ecosystem based on industry standards and backed by a partnership of private and public enterprises. In it, identity would be authenticated in a variety of ways and on various devices. Stay tuned to SearchCIO.com next week to learn more.
The potential for national identity cards scares the dickens out of regular folks who fear Big Brother and don’t realize what a big problem cybercrime is. The more than 10 million Americans who are victims of identity theft each year each can spend as much as 130 hours reconstructing their identities (credit rating, bank accounts, reputation, for example) following an identity crime, according to the Federal Trade Commission. But the financial risk for businesses and indeed, the national GDP, is alarming — and is heightened by the fact that we lack enough jurisprudence to figure out who is responsible for a business loss caused by a cyber event. That problem is being explored on SearchCIO.com this week and next.
The aggregation of network infrastructures with open APIs, the greater numbers of businesses using cloud services, the sheer amount of information and the nature of that data — all pose enormous risks, said Drew Bartkiewicz, senior vice president of technology and new media markets for The Hartford Financial Services Group in New York. “You talk about credit card data. . . . That’s so 2000,” he said. “Companies’ forecasts, people’s social reputations — whether they’re part of a gun group or are surfing a dating site when they’re married — all that data is becoming grounds for information malpractice,” he said.