Happy NSTIC-iversary!

The NSTIC at Two Years

The release of the National Strategy for Trusted Identities in Cyberspace (NSTIC) by the White House in April 2011 put forth a monumental challenge: a call for a new private-public sector partnership to create an Identity Ecosystem, where all consumers could choose from a variety of credentials that would enable more secure, convenient and privacy-enhancing transactions everyplace they go online.   Monday marked the two year anniversary of the NSTIC release, and we gathered at the National Cybersecurity Center of Excellence (NCCoE) in Maryland – as part of a broader event – to brief U.S. Senator Barbara Mikulski, NSA Director General Keith Alexander, Maryland Governor Martin O’Malley and others about the progress NSTIC has made toward catalyzing a marketplace for trusted identity solutions.  This progress is due in no small part to the commitment and invaluable contributions of a broad range of stakeholders who have risen to meet the President’s challenge. Today, thanks to these partners, we can point to a number of milestones including: 

• The creation of the Identity Ecosystem Steering Group (IDESG): The IDESG, created to administer the development of policy, standards, and accreditation processes for the Identity Ecosystem Framework, held its first meeting this past August.  Since then, the group has formalized a governance structure, elected officers, and launched a variety of committees that are currently driving the creation of different elements for the Framework.  Today, the IDESG has  nearly 200 organizations as members and more than 400 participating individuals.
• The award of five pilot projects:  On Sept. 20, 2012, NIST awarded more than $9 million across five organizations to fund NSTIC pilots – demonstrating new identity solutions that increase confidence in online transactions, prevent identity theft, and give individuals more control over how they share their personal information.   These pilots are all well underway, with a steady stream of milestones expected over the rest of the year as they each hit “go live” milestones.  The pilots are collectively rolling out new trusted identity solutions across health care, e-Commerce, online banking and brokerages, industry associations, universities, state and Federal government, and organizations serving seniors.  As we look to catalyze a marketplace of private-sector credentials providers, the NSTIC pilots are helping to address the “chicken and egg” problem that has vexed previous identity initiatives and are demonstrating the viability of trusted identity solutions across multiple sectors. 
• NIST released a FFO to award a second round of NSTIC pilot grants this past January, and last week selected 13 finalists to submit full proposals for these grants; we expect awards to come in September. 
• The launch of a new, state-focused NSTIC pilot program:  with funds provided by the Partnership Fund for Program Integrity Innovation, the NPO just launched a new NSTIC pilot opportunity focused on helping state governments pilot on-line identity solutions for accessing government services that embrace and advance the NSTIC vision.  Proposals are due May 16, 2013. 
• Facilitating the Federal government’s role as an early adopter of the Identity Ecosystem:  by working with agencies to help them align with NSTIC, and by partnering with the United States Postal Service and General Services Administration to create a Federal Cloud Credential Exchange (FCCX) solution that simplifies the technical integration process for accepting accredited externally-issued digital credentials. 

Together, these initiatives are helping to influence the marketplace, address barriers to marketplace adoption, and create a framework to support a viable Identity Ecosystem.  The potential of the Identity Ecosystem has always been exciting; indeed, nobody captured it better than President Obama in his introductory letter in the NSTIC, when he said: 

“The simple fact is, we cannot know what companies have not been launched, what products or services have not been developed, or what innovations are held back by the inadequacy of tools, like secure passwords, long ago overwhelmed by the fantastic and unpredictable growth of the Internet. What we do know is this: by making online transactions more trustworthy and enhancing consumers’ privacy, we will prevent costly crime; we will give businesses and consumers new confidence; and we will foster growth and innovation, online and across our economy – in some ways we can predict, and in others ways we can scarcely imagine. Ultimately, that is the goal of this strategy.”  

But as powerful as the ideas in NSTIC are, its realization depends on continued robust public and private sector participation. For us, this means not slowing down. Going forward, the Federal government will continue to lead as an early adopter of NSTIC-aligned solutions with the rollout of the FCCX and additional grant funding for NSTIC pilot projects this summer. And with the marketplace responding to problems with passwords, as evidenced by firms like Google, Microsoft, Amazon and Apple starting to offer customers multi-factor authentication, the government will continue working to ensure individuals have choices that are privacy-enhancing, secure, interoperable, cost-effective and easy to use. For you, this means taking your seat at the table to help achieve shared goals of enhancing online choice, efficiency, security, and privacy. Without question, the most important forum for stakeholders to convene and collaborate on solutions to enable the Identity Ecosystem is the IDESG. We encourage you to learn more about the organization and register to attend its next meeting, May 9-10 in Santa Clara, Calif. where members will develop a work plan for the summer months, hear from the NSTIC pilot projects and see demonstrations of their progress, and, participate in a workshop to identify a set of use cases of the Identity Ecosystem in use in real world applications.  For more on the IDESG, visit: http://www.idecosystem.org/. We appreciate the efforts so many of you have made over the last two years; we are truly making progress!  We look forward to working more with you over the months and years to come as we drive material improvements in the way we enable trusted identities in cyberspace.