More than 200 security experts, government technology vendors and industry leaders gathered in Washington, D.C. last week for the Secure Technology Alliance’s Securing Federal Identity 2017 conference, the annual government security showcase on the most important developments and innovations in federal identity credentialing and access security. Over half of the attendees were federal government employees.
“It is clear from all of the great sessions and discussions last week, including advancements for derived credentials, innovative uses of technologies like near field communications and alternative authentication technologies, and a call-to-action to accelerate the adoption of interoperable identity and access solutions, that there is a real sense of urgency to push identity and security forward in government,” said Randy Vanderhoof, executive director of the Secure Technology Alliance.
“With the majority of attendees from federal agencies, this event has become a hub for government and security executives and industry leaders to come together to make real progress in this space.”
In a discussion on federal identity programs and standards, speakers gave an update on the status of derived PIV credentials and expanding the use of PIV credentials to mobile devices.
They highlighted that while the root of trust starts with PIV, the industry is considering how to utilize different types of identifiers and authenticators on mobile devices to allow authentication at different levels of assurance for different applications.
Speakers noted that today, derived PIV credentials are being piloted in some one-off developments for specific use cases and there is no standard implementation being widely adopted – but there is potential for this in the future.
Innovations Improving Identity Security in Government
In a panel, moderated by Anil John, Department of Homeland Security, on the DHS’s Identity Management and Data Privacy Research and Development Program, three federal program leads outlined the efforts surrounding innovative technologies for improving security, identity and privacy in government:
- John Fessler, Exponent & Kantara Initiative, discussed an ongoing project that enables the use of derived credentials over a secure near field communications (NFC) channel using Opacity technology on a mobile device for physical access control
- Michael Queralt, Queralt, Inc., described the company’s research project on mapping PIV credentials onto FIDO-compliant devices to grant mobile users simpler access to applications and data while requiring a higher level of authentication
- Devu Manikantan Shila, United Technologies Research Corporation, outlined a project called Context Aware Security Technology for Responsive and Adaptive Protection (CASTRA) that leverages analytics on mobile sensor data to learn various human behavioral traits, such as gait, location, proximity and app usage, to enable an active authentication capability
Joseph Stuntz, Office of Management and Budget, and James Sheire, GSA Office of Government-wide Policy, shared updates on the impact of the new Executive Order strengthening the cybersecurity of federal networks and critical infrastructure, and on GSA’s efforts to improve identity and security in government through its new website, www.IDManagement.gov.
The website, which is now live, provides the federal government with more digestible digital assets that can be easily updated as policies and regulations change.
Another innovation making an impact on government is NIST Special Publication 800-63-3, “Digital Identity Guidelines,” which outlines the identity proofing and authentication requirements for federal agencies implementing digital identity services.
At the event, speaker Paul Grassi, NIST Trusted Identity Group, said the guidelines are slated to be published later this month. As a next step, Grassi said NIST plans to build on these requirements by providing actionable guidance for implementation.
A Call to Action for Open, Interoperable Authentication
The one-day showcase wrapped up with a call-to-action discussion on what the industry can do to further accelerate the adoption of interoperable solutions for federal identity management and access security.
Moderator Randy Vanderhoof, Secure Technology Alliance, and federal government panelists Tim Baldridge, Department of Defense, LaChelle LeVan, GSA/FICAM, and Michael Garcia, NIST Trusted Identity Group, discussed how today’s methods of identification and authentication for access are too single-sourced and don’t provide enough flexibility for new and emerging use cases, such as remote access.
Panelists came to the conclusion that there is no one-size-fits-all authentication solution for government – instead, the industry needs more open, interoperable solutions that can be used for a variety of use cases.
The Secure Technology Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption and widespread application of secure solutions, including smart cards, embedded chip technology, and related hardware and software across a variety of markets including authentication, commerce and Internet of Things (IoT).
The Secure Technology Alliance, formerly known as the Smart Card Alliance, invests heavily in education on the appropriate uses of secure technologies to enable privacy and data protection.
The Secure Technology Alliance delivers on its mission through training, research, publications, industry outreach and open forums for end users and industry stakeholders in payments, mobile, healthcare, identity and access, transportation, and the IoT in the U.S. and Latin America.