Identity, Trust and the Future of Government Information Systems
8th Annual Smart Cards in Government Conference, Washington, DC, October 29, 2009–Identity and trust were the center of discussion at the 8th Annual Smart Cards in Government Conference, taking place this week through October 30th at the Washington DC Convention Center. From healthcare to more efficient government information system development to Internet security, knowing with whom you are dealing and being able to authenticate their identity online is a top issue for the federal government. And as identity becomes increasingly important in Washington, the importance of smart card technology becomes increasingly evident to policy makers and government IT executives as well.
One factor: Personal Identity Verification (PIV) credentials now exceed 60 percent penetration of federal government employees, and agencies are implementing logical and physical access control and other applications, according to GSA’s Judy Spencer, chair of the Federal Identity Credential Credentialing Committee in the Federal CIO Council. A key initiative to help achieve governmentwide and partner trust and interoperability using PIV credentials is the Identity Credential and Access Management (ICAM) subcommittee, which is within days of receiving final clearance to issue the first of two architecture, use case, and implementation guidance documents.
Another factor is that several members of congress have had their own computers hacked into. That makes it more personal and is helping to generate interest, according to Tom Davis, the retired seven-term congressman from Virginia and director of Deloitte’s federal government services business.
Keynote speaker David Wennergren, deputy CIO U.S. Department of Defense and vice chair of the Federal CIO Council, sees the smart card industry at the “epicenter of change” in government’s IT future. In his view, the completion of the PIV program and its use as an identity management tool is the foundation for “secure information sharing.” His vision is to enable a service oriented approach that decouples data from hard-coded applications. Citing several existing examples, he argued that by making data more available in a services architecture, new capabilities can be implemented more rapidly. He also sees the potential of Web 2.0 and cloud computing in government. The smart card-based PIV credential is essential to making these innovations work effectively together for government, because its two factor authentication provides trust and access control.
Identity presents a similar challenge in healthcare. “One of the challenges we face trying to implement healthcare systems nationwide is, Who is that patient? And, Do we know we have that patient?” said Dr. Deborah Lafky, the security lead in the Office of the National Coordinator for Health IT (ONC). “If all patients had an identity card that we could rely on imagine how much simpler this problem would be.”
Lafky also issued a call to action for industry stakeholders interested in advancing smart cards as a technology solution for healthcare. “The single biggest thing that this industry can do is greater outreach to the healthcare industry to show them the vision of what could be if everyone had a trusted identity. I don’t think that they have that vision today,” said Lafky.
In addition to strong credentials, another critical part of identity management is proving identity. Several speakers agreed that efforts to design more secure identity credentials are far ahead of efforts to define and standardize processes for securely vetting identities. There was a consensus among the presenters that a process is needed for the standardization of authenticating breeder documents used to originally establish an identity. In addition, there is a need to establish levels of identity proofing, corresponding to the four levels of assurance already established by the federal government.
It’s not about getting a perfect identity, however, cautioned Brett McDowell, executive director, Katara Initiative. There is a continuum of trust, and we have to work with what we have and make decisions about whether or not what we have is enough.
Follow the Smart Card Alliance on Twitter at http://twitter.com/SmartCardOrgUSA. Get up to the minute updates on the 8th Annual Smart Cards in Government Conference, or tweet your own news from the event, using [http://twitter.com/home]#scgc09). To join the Smart Card Alliance Facebook page, visit
About the Smart Card Alliance
The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology.
Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.securetechalliance.org.