By Jill R. Aitoro
October 7, 2008
Security leaders from government, academia and corporations announced on Tuesday the formation of a center to improve how organizations control access to information and data stored in networks, therefore reducing an increasing number of security breaches.
Some of the largest federal contractors, including IBM, Lockheed Martin Corp. and Visa, joined Indiana University and the Secret Service to announce the formation of the Center for Applied Identity Management Research. The center, which has begun operations, will study ways to improve the practice of identity management, the ability to verify computer users' identities and if they have access to sensitive information stored on a network. Other founding members of the center are LexisNexis; Cogent Systems, a manufacturer of biometric systems; and Intersections Inc., an identity management vendor.
The establishment of the center comes at a time when computer networks operated by agencies and corporations are under increasing attacks from hackers and employees looking to gain access to personal information. The Office of Management and Budget reported in the spring that the number of information security incidents to federal networks more than doubled in fiscal 2007, with a 70 percent increase in unauthorized access to federal networks.
"How you determine people are who they claim to be is a critical challenge, and one we are failing to do well," said Fred Cate, a professor of law at Indiana University and director of the unrelated Center for Applied Cybersecurity Research. While the university will serve as the academic home for research activities of the Center for Applied Identity Management Research, the facility itself will be based in Washington.
Those announcing the formation of the center were vague about what research the center may conduct, saying only that the center would concentrate on public safety (including cyber crime, organized criminal groups and detecting sexual predators), national security (including cybersecurity and cyber defense, human trafficking and illegal immigration, terrorist tracking and financing), financial and corporate fraud (including mortgage fraud, data breaches, insider threats), and individual protection from identity theft and fraud.
The center will not conduct research that is specific only to government or industry. "We don't view research in terms of one sector or another," said Gary Gordon, executive director of the center and the founder of an unaffiliated organization called the Center for Identity Management and Information Protection. "The challenges [in identity management] are the same, [and] the results of research will be applied across the board. We need the smart people representing all the sectors that don't normally talk to one another at the same table."
The center plans to first develop a blueprint of projects to research. Research objectives will be to develop strategies and policies for protecting data, as well as personal privacy to ensure individual civil liberties are respected. This is a particular area of interest for the Defense Department, said Thomas Dee, director of biometrics efforts at the Office of the Secretary of Defense. "More than the technology, we need to understand the rules," Dee said.
He noted a number of presidential directives that address identity management, including Homeland Security Presidential Directive 12, which requires agencies to issue biometric credentials to all federal employees and contractors for access to government facilities and networks, as well as HSPD 6, HSPD 11 and HSPD 24, all of which involve screening procedures for identifying potential terrorists and criminals.
"How do you sort through these anonymous individuals to identify who may pose a threat?" he asks. Finding appropriate procedures "is equally relevant."
The center is not a lobbying group, and therefore won't ask Congress for specific policies to be implemented in industry or government, Gordon said. Rather, the goal will be to provide information to individuals, organizations and rule-making bodies, including the Office of Management and Budget.
"Inevitably, there will be collaboration" between the center and OMB, Cate said. "We're trying to sponsor relevant research, [and] the hope is that what comes out is precisely the information OMB would be interested in. But how that information is applied is entirely up to them."
Other members of the center include Fair Isaac Corp., a decision-analytics firm; the University Texas at Austin, Wells Fargo and Co., the Marshals Service, Dragnet Solutions, ID Experts, Identity Theft Assistance Corp., the Information Technology Association of America, and the National Center for Missing and Exploited Children.
By Jill R. Aitoro
October 7, 2008