Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
National Cancer Institute securing online transactions
Thursday - 7/7/2011, 6:56am EDT
By Jason Miller
Federal News Radio
The National Cancer Institute is cutting the time it takes to start clinical drug trials. And it's doing it through the use of standards for secure online transactions.
NCI and the SAFE BioPharma Association are putting the concepts outlined in the National Strategy for Trusted Identities in Cyberspace (NSTIC) into practice.
NCI and SAFE BioPharma are securely automating the document sign-off process, which currently is long and manually intensive.
"It goes into a portal, so to speak, and then people can go into the portal, retrieve it, sign it and push it back through, sort of cloud technology in that regard," said Steve Friedman, the chief of clinical trials operations in NCI's informatics branch. "Then people as long as they have the right credentials can go in. Because we are dealing with confidential documents, we need to make sure there is secure access and only the right people with the right permissions can go in and retrieve and sign documents."
He said it currently takes three-to-five days to move documents through the approval process. But with secure automation, the goal is a few hours.
Friedman said SAFE BioPharma approached the NCI asking to use technology behind secure online transactions. Bristol-Myers-Squibb is the first company to take part in the pilot.
Friedman said NCI was eager to speed up its clinical trials, but first had to make sure the technologies were secure enough.
"It was a lot of background checks, making sure this is right thing we can use at the right time for the right purpose," he said. "Once that was all vetted out, we were able to move forward with the pilot."
The pilot is about a year old and NCI started small with protocol approval letters. Friedman said the initial effort presented some technology challenges, but they were quickly resolved. NCI expanded the use of digital signatures through material transfer agreements between pharmaceutical companies and the agency. He said both parts of the pilot have been working well.
Mollie Shields-Uehling, the president and CEO of SAFE BioPharma, said security also was a primary concern for the drug companies. SAFE BioPharma is using the standards behind federal public key infrastructure bridge to authenticate and authorize users.
"They get a digital credential, which is a unique algorithm, linked to that identity for them to authenticate and to sign," Shields-Uehling said. "Every time they sign, it's a unique signature linked to them that can be validated at the time of signing or long after that signature has been executed to ensure it was indeed valid at the time of signing."
She added having that signature history is important in clinical trials. The Food and Drug Administration, for instance, requires the retention of those signatures for the life of the drug and a number of years after the drug is off the market.
Shields-Uehling said researchers can use anything from USB token to software tokens to smartcards to a one-time password credential that is based on PKI.
"There are standards that both the U.S. government and SAFE BioPharma community use to identity proof that person so you have very high trust that this person is who he or she says he is and then they get a digital credential," she said. "The Federal Bridge is the anchor to the four bridges forum. It is cross certified with the SAFE BioPharma bridge, which is the healthcare and biopharmaceutical industry community. Then you have CertiPath, which represents the aerospace and defense industry, and soon there will be a research and education bridge, which will link the education community, which also contains a large number of medical research institutions. This is kind of a backbone or spine of an interoperable network of cyber communities where you can trust identities and conduct business."
The goal of the NSTIC is to help create those trusted business communities. The Obama administration is leading the development of standards and processes to eliminate passwords and replace them with commercially-provided digital certificates to make online transactions safer, faster and more convenient.
NCI and SAFE BioPharma are demonstrating just how the NSTIC could work.
"I think this is a big advantage here by being able to show people that the government can enter into these public-private partnerships with success," Friedman said. "There have always been some casual attitudes that the government is not up with the latest and greatest from the commercial standpoint. This proves that we are willing to collaborate and move forward for the betterment of the patients in our trials."