1. National Strategy for Trusted Identities in Cyberspace
David Sinclair

2. What is NSTIC?
Called for in President’s Cyberspace Policy Review (May 2009): a “cybersecurity focused identity management vision and strategy…that addresses privacy and civil-liberties interests, leveraging privacy-enhancing technologies for the nation.”
Guiding Principles
Privacy-Enhancing and Voluntary
Secure and Resilient
Interoperable
Cost-Effective and Easy To Use
NSTIC calls for an Identity Ecosystem, “an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities.”
7/3/2019

3. Fraud Statistics Identity Theft / Fraud Statistics Data
Average number of U.S. identity fraud victims annually
11,571,900
Percent of U.S. households that reported some type of identity fraud
7 %
Average financial loss per identity theft incident
$4,930
Total financial loss attributed to identity theft in 2013
$21 billion
Total financial loss attributed to identity theft in 2010
$13.2 billion
Percent of Reported Identity Thefts by Type of Fraud
Percent Reported
Misuse of Existing Credit Card
64.1 %
Misuse of Other Existing Bank Account
35 %
Misuse of Personal Information
14.2 %

4. Head of Household Characteristic that Experienced Identity Theft
Percent in Category
The following represents the demographic of the head of household for which the fraud was reported. The corresponding percent is the total percent that reported a fraud inside the specific category.
Age
18 – 24
8.5 %
25 – 34
7.6 %
35 – 49
7.9 %
50 – 64
7.3 %
65 +
4.3 %
Race
White
Black / African American
5.2 %
Hispanic
5.8 %
American Indian / Alaska Native
6.1 %
Asian / Hawaiian / Pacific Islander
Two or More Races
11.6 %
Marital Status
Married
8 %
Not Married
6 %
Household Income
- $7,500
5.3 %
$7,500 – $14,999
4.8 %
$15,000 – $24,999
4.6 %
$25,000 – $34,999
6.0 %
$35,000 – $49,999
6.6 %
$50,000 – $74,999
$75,000 +
12.3 %

5. The Problem Today Usernames and passwords are broken
Most people have 25 different passwords, or use the same one over and over
Even strong passwords are vulnerable…criminals have many paths to easily capture “keys to the kingdom”
Rising costs of identity theft
11.6M U.S. victims (+13% YoY) in 2011 at a cost of $37 billion
67% increase in # of Americans impacted by data breaches in 2011
(Source: Javelin Strategy & Research)
A common vector of attack
Sony Playstation, Zappos, Lulzsec, LinkedIn, among dozens
of breaches tied to passwords.
7/3/2019

6. The Problem Today Identities are difficult to verify over the internet
Numerous government services still must be conducted in person or by mail, leading to continual rising costs for state, local and federal governments
Electronic health records could save billions, but can’t move forward without solving authentication challenge for providers and individuals
Many transactions, such as signing an auto loan or a mortgage, are still considered too risky to conduct online due to liability risks
7/3/2019

7. The Problem Today Privacy remains a challenge
Individuals often must provide more personally identifiable information (PII) than necessary for a particular transaction
This data is often stored, creating “honey pots” of information for cybercriminals to pursue
Individuals have few practical means to control use of their information
7/3/2019

8. Trusted Identities Provide a Foundation
Economic benefits
Improved privacy standards
Enhanced security
TRUSTED IDENTITIES
Enable new types of transactions online
Reduce costs for sensitive transactions
Improve customer experiences
Offer citizens more control over when and how data is revealed
Share minimal amount of information
Fight cybercrime and identity theft
Increased consumer confidence
7/3/2019

9. January 1, 2016 Privacy-enhancing Secure Interoperable
The Identity Ecosystem: Individuals can choose among multiple identity providers and digital credentials for convenient, secure, and privacy-enhancing transactions anywhere, anytime.
Privacy-enhancing Secure Interoperable
Cost-effective and easy to use
Apply for mortgage online with e-signature
Online shopping with minimal sharing of PII
Trustworthy critical service delivery
Secure Sign-On to state website
Security ‘built-into’ system to reduce user error
Privately post location to her friends
7/3/2019

10. What Does NSTIC Call For?
Private sector will lead the effort
Federal government will provide support
Not a government-run identity program
Private sector is in the best position to drive technologies and solutions…
…and ensure the Identity Ecosystem offers improved online trust and better customer experiences
Help develop a private-sector led governance model
Facilitate and lead development of interoperable standards
Provide clarity on national policy and legal framework around liability and privacy
Fund pilots to stimulate the marketplace
Act as an early adopter to stimulate demand
7/3/2019

11. Key Implementation Steps
Created an Identity Ecosystem Steering Group: Summer
NIST awarded 2-year grant to fund a privately-led Steering Group to convene stakeholders and craft standards and policies to create an Identity Ecosystem Framework
Convene the Private Sector
5 pilots totaling $9.2M awarded September, 2012
Challenge-based approach focused on addressing barriers the marketplace has not yet overcome
New FFO for 2013 pilots has 13 finalists; second FFO focused on states and government services
Continued Support for Pilots
Ensure government-wide alignment with the Federal Identity, Credential, and Access Management (FICAM) Roadmap
New White House initiated effort to create a Federal Cloud Credential Exchange (FCCX)
Government as an early adopter to stimulate demand
7/3/2019

12. FFO 2013-NIST-NSTIC-03 Purpose
To support the study, evaluation, and increase in public knowledge about the pilots awarded through Federal Funding Opportunity 2013-NIST-NSTIC-02 NSTIC Pilots: Trusted Online Credentials for Accessing Government Services Cooperative Agreement Program. (More information on this FFO is available at ).
7/3/2019

13. Partnership Fund for Program Integrity Innovation
The Partnership Fund seeks innovative ideas for improving the stewardship of federal dollars to create an efficient, effective government model for the 21st century.
Using funds appropriated by Congress, the Partnership Fund funds pilot projects and evaluations that test ideas for improving Federal Assistance Programs (e.g., SNAP, Medicaid) that are administered in cooperation with the states, or where Federal- state cooperation could otherwise be beneficial.
Website:
7/3/2019

14. Partnership Fund Success Measures
Reducing improper payments
Improving administrative efficiency
Improving service delivery
Protecting and improving program access for eligible beneficiaries
7/3/2019

15. References
2013-NIST-NSTIC-03: National Strategy for Trusted Identities in Cyberspace (NSTIC) Cooperative Agreement Program for the Evaluation of Pilots Using Trusted Online Credentials for Accessing Government Services
Applicant's Webinar, Thursday, June 6, 2013, PowerPoint Presentation (PPTX)

16. Thoughts / Questions
Questions ???