Thursday, June 9, 2011

Highlights From Day One of NSTIC Conference

Today was the first day of the NSTIC Governance Conference in Washington. The intent of today and tomorrow is to start the discussion about the governance model for the broad NSTIC program. Combined with the NOI released yesterday (see http://www.nist.gov/nstic/nstic-frn-noi.pdf), the belief is that a workable governance model should emerge.

Today started with introductions from Howard Schmidt and Jeremy Grant. Probably the biggest news out of it was the multiple mentions of the newly publicized breach at CITI. Along with that, Jeremy threw out some interesting stats when he introduced NSTIC:
- When DOD moved to their Common Access Card from passwords for authentication, they saw a near immediate drop in breaches of 46%.
- Last year there were 8.1 million US citizens affected by ID theft, totaling $37 billion in losses.
Clear reasons why moving to stronger credentialing is important.

Howard made it clear that this effort does not mean government credentialing of the citizenry. In fact he was very clear to say, as does NSTIC, that the credentialing needs to come from the private sector, and that the government can help that advancement with some funding for pilots and by leading by example, such as through FICAM credentialing efforts and being an early adopter. This plays into something that Jeremy also brought up: there need to be services that use the credential for interest to occur. In discussing this idea he invoked Metcalfe's Law, the idea that the value of a network (telecom in Metcalfe's case) is proportional to the square of the number of connected users. A graphic he showed, with the pinnacle being economic benefit based on trusted identities leading to enhanced security and improved privacy, reinforces the idea that the end goal here is to improve the capabilities to deliver services electronically. That of course needs services that trust the credentials and people using the credentials that are available.

After these introductions the agenda switched to the discussion on governance. The latter part of the morning was focused on how different parts of the technology and application sphere built governance and saw people like Chris Louden discuss FICAM and Joni Brennan of Kantara discuss Kantara and the OIX linkage. Other speakers covered efforts within NACHA, SmartGrid and OMB.

The afternoon saw another element of the thought process, with Tom Smedinghoff kicking off the afternoon by discussing elements of the framework and how legal/policy/contracts and the technical side intersect and become somewhat co-dependent (my words - not Tom's). Other speakers included some interesting views on privacy from the ACLU, and other views on governance structure from eCitizens Foundation and OASIS.

The afternoon then split into work groups and I will give a synopsis of that tomorrow after round 2 concludes.

All in all an interesting set of discussions and it is obvious that there is still much work to be done.

