Internet Security Initiative

The US government considered an internet security initiative a while back to improve cyberspace for everyone including individuals, businesses and government agencies who conduct business online. This initiative was announced by the Department of Homeland Security (DHS) and as mentioned aimed to create a more secure system of online identification. This internet security initiative is called National Strategy for Trusted Identities in Cyberspace.

Since then, the DHS has made significant progress in enhancing the security of the nation's critical physical infrastructure as well as its cyber infrastructure and networks through:

• The The National Cybersecurity Protection System which fulfills a key requirement of the National Cybersecurity Protection Plan (NCPP) to engage various government entities, law enforcement, private sector and members of the public to block malicious actors while bolstering defensive capabilities.
• EINSTEIN and EINSTEIN 2 which is an automated cyber surveillance system that monitors federal internet traffic for malicious intrusions at 15 Departments and agencies and four Managed Trusted Internet Protocol Service providers. EINSTEIN 3 will provide DHS with the ability to detect malicious activity and disable attempted intrusions automatically.
  
• Trusted Internet Connections designed to limit the number of potential vulnerabilities to government networks and to focus monitoring efforts and security capabilities on limited and known avenues for Internet traffic.
• Computer Emergency Readiness Team (CERT) in partnership with antivirus companies takes proactive measures to stop possible threats from reaching public and private sector partners by developing and sharing standardized threat indication, prevention, mitigation, and response information products with its .gov partners and constituents.
  

There are three other areas under National Strategy for Trusted Identities in Cyberspace which include privacy laws, consumer awareness of the risks and best practices which Identity Management Institute has been advocating and supporting for some time, as well as single sign on for select and related accounts.

The challenge is that there are too many redundant, incomplete, and distributed privacy and security laws at the Federal and State levels. While the government is addressing this particular area through its internet security initiative, they must focus on the existing laws and think about consolidation and completeness of the laws. Although the redundancy of the laws is less of a concern, their completeness must be addressed which brings up the next point.

Consumer awareness and education regarding identity theft risks and best identity protection practices is not addressed in any of the current laws. There are no laws requiring companies which collect their customer non-public information as part of their business transactions to educate their customers regarding best identity protection practices and provide them with some type of identity theft awareness education.

And lastly, the existence of excessive number of online accounts, IDs and passwords just increases the online identity theft risks which should also be addressed. For example, related accounts such as financial accounts from the same institution have a lot to gain from a single and strong identification and authentication mechanism. A good example is the Google strategy for linking and using the same access mechanism for its multiple user accounts. The excessive collection, retention and sharing of personal information is further addressed in the identity obesity concept and Identity Diet program.

Return from internet security initiative to workplace information protection.