Private Sector Has Biggest Role in Implementing Online Identity Security, Government Says
Solutions and government strategies for fostering greater consumer identity privacy and online trust can’t emerge without significant involvement from the private sector, government officials said in keynotes at a TechAmerica conference in Washington. The private sector will be responsible for the vast majority of solutions for better security, said Phil Reitinger, deputy under secretary at the Department of Homeland Security. “The pace and investment in the private sector and information technology generally dwarfs what we can do in government."
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The importance of the private sector in informing the National Strategy for Trusted Identities in Cyberspace (NSTIC) can’t be overemphasized, said Ari Schwartz, senior Internet policy adviser at the National Institute of Standards and Technology. “The private sector will ultimately decide the success or failure of NSTIC."
Connectivity, complexity and criticality have increased the risk of breaches, Reitinger said. “We've got a lot of work to do because the current ecosystem in which we live and operate was not designed to address the dependency we've got and the threats that we face.” Implementation of solutions that enable a distributed response to problems is key, he said. There is security, but it tends to be in stove pipes, he added. “We need community security."
The government worked with the private sector to develop a National Cyber Instant Response Plan, Reitinger said. The process was “designed to be inclusive” and required work across government agencies and with the private sector, he said. “What we can’t do is have a special plan that we activate only when the ugly thing happens.” The nation needs a plan that’s used from day to day and allows levels to be raised in emergency situations, he said.
To draft NSTIC, NIST received several suggestions from the private sector, Schwartz said. Many of the ideas will serve as guiding principles for the strategy, he said. “Identity solutions will be privacy-enhancing and voluntary.” They also will be resilient, interoperable and cost-effective, he said. Private sector organizations will have to “identify the most efficient ways to coordinate implementation activities with the government.” The agency expects President Barack Obama to sign the strategy this winter, he said.
The need for more cybersecurity professionals must continue to be addressed, Reitinger said. DHS often competes with the private sector for more staff, he said. The interchange between the public and private sectors is good, he said. But that good interchange “is not going to do us any good if we're all just competing and losing continuity and not having the ability to build out the broad workforce that we need.”