In this digital age, connecting to the Internet can leave us at risk of having personal information stolen. As public safety agencies evolve and adopt new technologies, we must ensure that the sensitive information they capture and store is secure. NIST’s Public Safety Communications Research (PSCR) division’s Security Portfolio develops and enhances security solutions for current and future public safety communications. Identity, credential, and access management (ICAM) remains a major research focus for this portfolio.
Last year, PSCR held its first Public Safety and First Responders workshop to discuss current best practices, gaps in security and technology, future-looking ICAM use cases, and the implications these technologies have for first responder daily operations. This year, our security team is following up with new guidance on critical topic areas under the ICAM umbrella, including identity federation, biometric authentication, and identity as a service (IDaaS).
Put simply, ICAM is a set of security disciplines that allows an organization to enable the right individual to access the right information at the right time. It comprises the tools, policies, and systems that allow an organization to manage, monitor, and secure access to protected resources.
The nationwide public safety broadband network presents the opportunity for public safety agencies to collaborate and communicate with each other. Interoperability (the ability to communicate and share information across systems using standards) between agencies when responding to an emergency is imperative for a successful response. This collaboration and interoperability must be implemented in a secure architecture to protect sensitive information. The federated solutions proposed via ICAM will provide this secure foundation and a solution that is specifically tailored to public safety challenges.
ICAM enables critical capabilities in the public safety realm including information sharing, authentication, and interoperability. These capabilities allow information to travel from one jurisdiction or agency to another, ensuring first responders are best equipped to do their jobs. In addition, ICAM supports future technologies that stand to impact the public safety communications field including mobile, cloud services, and biometric technologies.
PSCR security engineers have partnered with the National Cybersecurity Center of Excellence (NCCoE) to provide guidance on three major topic areas: identity federation, identity as a service (IDaaS), and biometric authentication.
PSCR, in partnership with NCCoE, identified critical technology areas that will likely influence the public safety technology field in the near future. In the past year, the team has worked to produce several informative and guiding resources for stakeholders to explain the technology impacts, considerations, and best practices. These publications will truly set the stage and lay a common groundwork for the field before individual public safety agencies begin to implement security solutions in identity federation, IDaaS, and biometric authentication.
Identity federation is defined as a process that allows the transfer of identity and authentication information across a set of networked systems. A common example of this technology is using a Google account to log in to a third-party service. Identity federation can allow critical information sharing and interoperability and also enables mobile single sign-on (using one authentication for access to multiple resources or applications without re-authenticating). PSCR’s upcoming publication, Using Identity Federation Technology To Achieve Public Safety Missions, will further define federation, its benefit to public safety communities, and its key security components.
Identity as a Service (IDaaS) refers to the identities of system users being managed in the cloud as opposed to a more traditional solution like managing accounts locally. As an example, IDaaS would move the management of a local network running out of a police station to the cloud. The upcoming document, Identity as a Service (IDaaS) for the Public Safety and First Responder Community, identifies the benefits of this technology, provides an overview of the different architecture types, and introduces key considerations for its adoption.
Biometric authentication is the automated recognition of an individual based on their biological or behavioral characteristics. This technology has become widely available in commercial devices for facial or fingerprint recognition to unlock a mobile device. Biometric authentication could allow first responders to use their fingerprint to access mission-critical information rather than typing in a long, cumbersome password. The upcoming report on this topic, Using Mobile Device Biometrics for Authenticating First Responders, will evaluate this new technology from a risk perspective, explaining the difference between secret and private information, challenges presented by shared devices, and the difference between physical and behavioral biometrics.
PSCR’s Security Portfolio is looking into cloud security as another critical topic that will affect first responders. Public safety organizations are already adopting cloud solutions and will continue to make the transition in the future as a cost-saving measure. Over the next year, PSCR researchers are evaluating the security impact of using these cloud services to manage access to sensitive first responder data and how to increase trust in the security of these cloud platforms.
And while these publications are intended to be informational tools for PSCR’s stakeholders, the security team will also be using them to inform their future work in building out a public safety federated ICAM architecture at the NCCoE for testing.