Smart Card Alliance Government Conference Hits Record Government Attendance as Leaders Share Latest Advancements in Identity Management and Cybersecurity
Princeton Junction, N.J., November 3, 2014 – Industry leaders shared visions and advancements in identity management and cybersecurity for government, healthcare, enterprise and citizens with a record number of government attendees last week at the 13th Annual Smart Card Alliance Government Conference in Washington, D.C.
“The government has laid a strong identity credentialing and management foundation and is now working on ways to promote increased usage and to leverage mobile and cloud technologies across the federal enterprise,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “At the same time, the President’s BuySecure Initiative has reinforced the need for government to share these advances with the business sector and citizens accessing government services, and to promote interoperable solutions that are both highly secure and simple to authenticate identities and protect sensitive data.”
Highlights from the event included:
Improving citizen identity and access
“All of your data is out there – to manage risk under any other assumption is simply irresponsible,” Richard Parry, the principal of Parry Advisory told conference attendees. He said that today’s “risk-based and inferred system of identity” is not sufficient to prevent the theft and misuse of identity-related data.
According to Parry, this identity problem is due in part to the millions of synthetic, or non-existent, identities in circulation. These identities are grown and cultivated over years by criminals and have bank accounts, good credit scores and even social media presences. Common practices for authenticating identities like KYC (Know Your Customer) are not sufficient and don’t reveal synthetic identities, he said. What’s needed: “validate both the token and the token-user each time a critical interaction takes place.”
Also addressing ways to solve identity and security problems was Christine Harada, GSA’s associate administrator for government-wide policy. Harada told attendees the government should look to the private sector for “user-friendly solutions to thorny security problems.” According to Harada, the marketplace today is offering “elegant, more secure solutions” to consumers that can be leveraged within government.
Harada pointed to the Federal Cloud Credential Exchange (FCCX) program as a good example of the government utilizing private sector solutions. FCCX, a GSA and USPS-led effort, will allow citizens to use already-established credentials (Google, PIV, PayPal and others) to log in to federal agency websites. The program will enable “greater citizen engagement, lower integration and costs and reduced agency investment,” according to Philip Lam, trusted identity strategist at NIST. FCCX will soon be renamed Connect.gov.
A smart card-based national ID in Nigeria
Christian ‘E Onyemenam, CEO, NIMC (National Identity Management Centre of Nigeria) provided attendees with an overview of the Nigerian National ID Program and how it is taking advantage of global standards and the multi-application capabilities of smart cards. The Nigerian national ID, a highly secure, dual-interface smart card, contains 13 applets that enable the card for identity, EMV payment and travel applications, amongst others. The payment application, Onyemenam said, would be a “financial inclusion enabler” by helping to serve the large unbanked and underbanked population in Nigeria. The NIMC is currently enrolling citizens and issuing IDs in all of its 36 states.
GSA moving ahead on PACS
The GSA is undertaking a full replacement of physical access control systems (PACS) in all of its facilities. The agency has tested and approved 15 end-to-end FIPS 201 compliant PACS solutions that represent 300 different implementation configurations for its Approved Products List (APL), according to Chi Hickey, program manager for the evaluation program. To ensure that all GSA enterprise-PACS (E-PACS) are implemented properly to meet FICAM requirements, commercial integration engineers are now required to be trained and certified prior to being awarded contracts. Training and certification is being provided by the Smart Card Alliance CSEIP Training and Certification Program.
Reducing fraud in healthcare
Healthcare sessions focused on key industry topics, such as eliminating record duplication, reducing medical ID fraud and creating an interoperable, multi-industry identification system.
According to Ann Patterson, SVP and program director for the Medical Identity Fraud Alliance (MIFA), 8,200 out of 1 million Americans will be a victim of, or complicit in, medical ID fraud, and 50 percent of victims take no steps to protect themselves. “It’s drilled into people to check your bank statements and credit scores, but no one tells people to check medical identity records,” Patterson said.
To help solve the healthcare fraud problem, Peter Barry, principal of the Peter T. Barry Company, highlighted a new WEDI white paper, “Secure Patient Identification,” and suggested the use of smart cards and biometric health ID cards as a solution to reduce costs due to healthcare ID fraud by a third, or about $25 billion a year.
Barry also highlighted duplicate records as a source of financial loss, stating “there’s an error rate in the collection of patient records that are coming from different providers at different times, and the U.S. doesn’t have a universal patient identifier. If we used a biometric identifier, we could cut the error rate from what might be as far as 10 to 15 percent, and cut that down towards zero.”
Other notable items:
- The Administrative Office of the U.S. Courts has issued 5,000 PIV-interoperable (PIV-I) credentials to date
- National Strategy for Trusted Identities in Cyberspace (NSTIC) pilots are “expanding, commercializing, moving to production and integrating with each other,” according to Michael Garcia, NSTIC deputy director, NIST
- A group in the W3C Consortium developing future specifications is seeking to standardize web browser support for hardware tokens for strong authentication. This would make it easier for the government, banking, payments and healthcare sectors to use smart cards with web browsers to provide strong authentication and transaction signatures to businesses and consumers
- Researchers and technologists are working with DARPA on new methods to provide active, continuous user authentication. Promising new biometrics include typing behavior, mouse and keystroke dynamics, semantic analysis of language or sentence structure, web on file search profiles and layered approaches that fuse multiple methods to increase reliability
New date for 2015 conference
Next year, the Smart Card Alliance Government Conference moves to spring and will be held June 9-10, 2015 at the Walter E. Washington Convention Center in Washington, D.C.
About the Smart Card Alliance
The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology.
Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.securetechalliance.org.
Montner & Associates