NSTIC about to award contract for ID ecosystem

Tuesday - 4/17/2012, 6:03am EDT

One year after issuance the National Strategy for Trusted Identities in Cyberspace, the program office is reporting progress.

Jeremy Grant, the senior advisor for NSTIC, said his group is about to award a contract to manage a future set of working groups, each of which will develop a component of the ID ecosystem. Grant said NSTIC will award a two-year contract by May, from a field of 12 submissions. Bids have come from non-profits, consultants and universities.

By August, NSTIC plans to award up to eight grants for pilot projects. NSTIC received 186 applications and down selected them to 27 finalists. Each of the grantees will develop components of a trusted ID system.

Speaking at the FedSMC conference in Cambridge, Md., Grant reiterated the need for a national market place in interoperable ID credentials to improve or replace ordinary passwords now in use pretty much everywhere, including the federal government. He cited figures such as 46 percent — the amount by which network intrusions dropped after the Defense Department ordered employees to use their encrypted ID cards exclusively to log on. Five of six known network attack vectors depend on password hacking, Grant said.

"Without solving the 'dog' issue, you can't put enterprise applications online safely," Grant said, referring to the 18-year-old cartoon showing dogs posing as people on the Internet.

Grant described the eventual management award winner as a convener and secretariat of various groups working on the technology and policies of a trusted identities market. It will also develop an accreditation process for eventual vendors of trusted credentials.

Grant said it's too early to predict what form an eventual trusted credential will take. It might be embedded in a card, like the DOD CAC, a fob, or software burned into a smart phone at the chip level.

This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.