White House: Private Sector Must Lead Internet Security Fight
The proper role for the U.S. government in strengthening e-commerce security is that of catalyst and coordinator, said NIST policy advisor Ari Schwartz. "This effort will not work if the government takes it over. We can't run it ourselves, but the government can have a role in such things as standards development and interoperability."
Jan 18, 2011 5:00 AM PT
The world of Internet commerce is booming -- but on a parallel track, identity theft, loss of privacy and fraud are skyrocketing as well. While the government has a role in combating Internet security abuses, two top administration officials visited Silicon Valley to emphasize that the private sector needs to lead the way in developing innovative IT security solutions.
At a cybersecurity forum in Palo Alto, Calif., earlier this month, U.S. Commerce Department Secretary Gary Locke announced the creation of a national program office at the department to focus on improving the security of sensitive online transactions.
"E-commerce sales for the third quarter of 2010 were estimated at more than (US)$41 billion, up 13 percent over the same period for last year. Early reports indicate that the recent holiday season saw similar growth. Despite these ongoing successes, the reality is that the Internet still faces something of a 'trust' issue," Locke said at the forum hosted by Stanford University, "and the Internet will not reach its full potential until users and consumers feel more secure than they do today when they go online."
Internet Security Catalyst
The office will function as a major vehicle for implementing the forthcoming National Strategy for Trusted Identities in Cyberspace (NSTIC) in both the public and private sectors. The goals of the office include the following:
1) building a consensus on legal and policy issues to make the trusted identities strategy successful, including ways to enhance privacy, free expression and open markets;
2) working with the private sector to identify where new standards or collaborative efforts may be needed;
3) supporting intergovernmental collaboration; and
4) promoting important pilot projects.
"We see the office as a catalyst and coordinator for promoting Internet security," Ari Schwartz, senior internet policy advisor at the National Institute for Standards and Technology (NIST), told the E-Commerce Times. "The private sector will be a major, if not leading, factor. This effort will not work if the government takes it over. We can't run it ourselves, but the government can have a role in such things as standards development and interoperability."
NIST is an agency within the Commerce Department and will likely be assigned to operate the program office.
Private Sector Challenged
At the forum, White House cybersecurity coordinator Howard Schmidt alluded to some of the technologies that need to be developed to enhance security in the future, including personal credential mechanisms that reduce the need for multiple passwords; that limit the vulnerability of using one password repeatedly for many years; and that overcome website security deficiencies.
The range of applications not only involves identify theft, but also limiting and controlling personal information gathered by Internet transactions.
"Hopefully, many of you will be involved in creating these technologies to help bring us forward," Schmidt told the IT developers attending the forum
While the program office may concentrate on policy issues, it could also have a role in fostering technology innovations. "One way we can move the technology along is through the pilot projects that will be sponsored through the office," Schwartz said. "We don't have a pilot project budget for 2011, but we hope that next year we can start rolling them out."
Creation of the program office is supported by businesses.
"The rapid pace of innovation for identity management, security and privacy technologies traditionally outpaces that of the rate of adoption in the government market," Jennifer Kerber, vice president, federal and homeland security Policy at TechAmerica, told the E Commerce Times. "I hope the program office will promote innovation in the private sector and spread the word on these innovations in the public sector." TechAmerica, which represents major IT companies and organizations, cosponsored the Stanford forum.
"It's a natural fit for the program office in meeting the goal of the NSTIC to facilitate the private sector's ability to establish identity solutions and privacy-enhancing technologies," Kerber said. "Issues of trusted identity are not just faced by U.S. companies or the federal government. They are global in nature and require a partnership between government and industry."