Discussions about identity and trust highlighted the 8th Annual Smart Cards in Government Conference that concluded today in Washington, D.C.
From healthcare to more efficient government information system development to Internet security, knowing with whom you are dealing and being able to authenticate their identity online is a top issue for the federal government. And as identity takes on greater urgency in Washington, the importance of smart card technology becomes increasingly evident to policy makers and government IT executives.
For example, personal identity verification credentials now exceed 60% penetration among federal employees, and agencies are implementing logical and physical access control and other applications, according to GSA’s Judy Spencer, chair of the Federal Identity Credential Committee in the Federal CIO Council. A key initiative to help achieve government-wide and partner trust and interoperability using PIV credentials is the Identity Credential and Access Management subcommittee, which is within days of receiving final clearance to issue the first of two architecture, use case, and implementation guidance documents.
Another factor is that several members of Congress have had their own computers hacked into. That makes it more personal and is helping to generate interest, said Tom Davis, the retired seven-term congressman from Virginia and director of Deloitte’s federal government services business.
Keynote speaker David Wennergren, deputy CIO of the U.S. Department of Defense and vice chair of the Federal CIO Council, sees the smart card industry at the “epicenter of change” in government’s IT future.
In his view, the completion of the PIV program and its use as an identity management tool is the foundation for “secure information sharing.” His vision is to enable a service-oriented approach that decouples data from hard-coded applications. Citing several examples, he argued that by making data more available in a services architecture, new capabilities can be implemented more rapidly. He also sees the potential of Web 2.0 and cloud computing in government. The smart card-based PIV credential is essential to making these innovations work effectively together for government, because its two-factor authentication provides trust and access control.
Identity presents a similar challenge in healthcare. “One of the challenges we face trying to implement healthcare systems nationwide is, Who is that patient? And, Do we know we have that patient?” asked Dr. Deborah Lafky, the security lead in the Office of the National Coordinator for Health IT. “If all patients had an identity card that we could rely on, imagine how much simpler this problem would be.”
Lafky also issued a call to action for industry stakeholders interested in advancing smart cards as a technology solution for healthcare. “The single biggest thing that this industry can do is greater outreach to the healthcare industry to show them the vision of what could be if everyone had a trusted identity. I don’t think that they have that vision today,” she said.
In addition to strong credentials, another critical part of identity management is proving identity. Several speakers agreed that efforts to design more secure identity credentials are far ahead of efforts to define and standardize processes for securely vetting identities. There was a consensus among the presenters that a process is needed for the standardization of authenticating breeder documents used to originally establish an identity. In addition, there is a need to establish levels of identity proofing, corresponding to the four levels of assurance already established by the federal government.
It’s not about getting a perfect identity, however, cautioned Brett McDowell, executive director, Kantara Initiative. “There is a continuum of trust, and we have to work with what we have and make decisions about whether or not what we have is enough,” he said.