Federal Grants Wed Public-Private Cybersecurity Efforts

The debate in the U.S. Congress over a comprehensive national cybersecurity program is wearing on, largely because of differences over the roles of government and business in protecting information technology.

Elsewhere, however, cybersecurity awareness and research projects are being launched through cooperative efforts. For example, the National Institute of Standards and Technology (NIST), a unit of the U.S. Commerce Department, has just awarded more than US$9 million in grants to support the federal National Strategy for Trusted Identities in Cyberspace (NSTIC) program.

“Increasing confidence in online transactions fosters innovation and economic growth,” said Under Secretary of Commerce for Standards and Technology Patrick Gallagher.

“These investments in the development of identity solutions will help protect our citizens from identity theft and other types of fraud, while helping our businesses, especially small businesses, reduce their costs,” he noted.

The federal grants were awarded under the NSTIC program, a White House initiative to work collaboratively with the private sector, advocacy groups and public-sector agencies. Program goals include the development of secure, efficient, easy-to-use, and interoperable identity credentials to access online services to promote confidence, privacy, choice and innovation.

Program Features Joint Effort

The grant funding level is modest, but the awards set a tone for private and public sector cooperation in data security, with an emphasis on identity verification programs.

“While the National Strategy for Trusted Identities in Cyberspace (NSTIC) was issued by the government, it specifically calls for the private sector to lead the implementation of the Identity Ecosystem. There is a reason for this: If the government tried to do everything itself — say, by mandating nationwide adoption of a particular technology — the effort would fail,” Jeremy Grant, head of the NSTIC National Program Office, told the E-Commerce Times.

“The pace of innovation in this space in quite rapid, and the worst thing the government could do would be to mandate a particular solution that failed to harness the constant innovation in this space driven by entrepreneurs,” he explained.

One grant, for $1.6 million, was awarded to the American Association of Motor Vehicle Administrators. AAMVA will lead an effort to implement the Cross Sector Digital Identity Initiative (CSDII) to produce a secure online identity ecosystem that will enhance privacy and reduce the risk of fraud. A central goal of the project is to explore the integration of government-issued driver license verification information with other types of commercial identity verification techniques.

“One aspect of the program will involve how government verification data can be exchanged or coordinated with commercial identity verification and, in turn, how that relates to online identity systems. It will also involve factors such as customer consent and providing verification to persons with a legitimate need,” Geoff Slagle, director of identity management at AAMVA, told the E-Commerce Times.

Partners with AAMVA include the Commonwealth of Virginia Department of Motor Vehicles, Biometric Signature ID, CA Technologies, Microsoft and AT&T. The CSDII was launched in April 2011 by the Commerce Department, in cooperation with Northrup Grumman, Microsoft, CA Technologies, and CertiPath.

Skipping Passwords for Online ID

The goal of another project is to enable consumers to selectively share shopping and other preferences and information to reduce fraud and enhance the user experience. It involve access to Web services, seller logins to online auctions, access to financial services at Broadridge, improved supply chain management at General Electric, and first-response management at various organizations. Criterion Systems will lead the $1.6 million grant effort.

“This project will engage leading retail, financial services, healthcare, and government enterprises with an online identity verification service that can replace passwords, allow individuals to prove online that they are who they claim to be, and enhance privacy,” David Coxe, cofounder of Criterion, told the E-Commerce Times.

The project involves the use of the ID Dataweb (IDW) Attribute Exchange Network (AXN) open standards platform that expanded on Google’s Street Identity initiative to simplify online identity verification and increase online trust. The platform verifies identity attributes to validate businesses and consumers. Users are able to log in by using an identity provider, such as a government agency, bank, email or social network provider with whom they have an established online relationship. This digital credential is used in lieu of creating a new user name and password to interact online with each online enterprise service.

“The consumer is not charged to participate; online enterprises pay less, and attribute providers and identity providers generate new sources of revenue,” Cox said.

Partners include ID/DataWeb, AOL, LexisNexis, Risk Solutions, Experian, Ping Identity, CA Technologies, PacificEast, Wave Systems, Internet2 Consortium/In-Common Federation and Fixmo.

Grants Support 3 More Projects

The remaining three award recipients:

Daon for $1.8 million: The project will demonstrate how consumers, especially seniors, can benefit from a digitally connected, consumer friendly Identity Ecosystem that enables consistent, trusted interactions with multiple parties online. The pilot involves solutions that leverage smart mobile devices capabilities for consumer use. Team members include AARP, PayPal, Purdue University, and the American Association of Airport Executives.

Resilient Network Systems for $1.9 million: This effort promotes secure use of sensitive health and education transactions on the Internet by using a Trust Network built around encryption technology. Health partners include the American Medical Association, Aetna, the American College of Cardiology, ActiveHealth Management, Medicity, LexisNexis, NaviNet, the San Diego Beacon eHealth Community, Gorge Health Connect, the Kantara Initiative, and the National eHealth Collaborative. The education project involves childhood identity protections, and includes the National Laboratory for Education Transformation, LexisNexis, Neustar, Knowledge Factor, Authentify, Riverside Unified School District, Santa Cruz County Office of Education, and the Kantara Initiative.

University Corporation for Advanced Internet Development for $1.8 million: UCAID, known publicly as “Internet2,” intends to build a consistent and robust privacy infrastructure through common attributes, user-effective privacy managers, anonymous credentials, and Internet2’s InCommon Identity Federation service, as well as to encourage authentication and other technologies. Partners include Carnegie Mellon, Brown University, the University of Texas, the Massachusetts Institute of Technology and the University of Utah.

“We believe the private sector is in the best position to drive the technologies and solutions that will underpin the Identity Ecosystem — and also in the best position to ensure the Identity Ecosystem offers improved online trust and better customer experiences,” Grant said. “The appropriate role for the government to play here is as a partner, providing guidance, help and support that can catalyze the marketplace.”

The public-private aspect of the NSTIC program “acts as a catalyst for the use of new and existing solutions for establishing Internet privacy, security, interoperability and ease of use,” Coxe said, “to enable a new, more trusted identity ecosystem.”