When I hear a message that begins, “We’re from the government, and we’re here to help,” I am naturally suspicious.  My political philosophy, based on personal freedom, individual responsibility and natural consequences, is all too often infringed upon by over-reaching, even if well-intentioned, government mandates.  So, when I first learned of the “National Strategy For Trusted Identities In Cyberspace,” I quite naturally envisioned the typical government movement towards stronger control, greater regulation and reduced freedom.

These goals will require the active collaboration of all levels of government and the private sector  The private sector will be the primary developer, implementer, owner, and operator of the Identity Ecosystem, which will succeed only if it serves as a platform for innovation in the market. The Federal Government will enable the private sector and will lead by example through the early adoption and provision of Identity Ecosystem services. It will partner with the private sector to develop the Identity Ecosystem, and it will ensure that baseline levels of security, privacy, and interoperability are built into the Identity Ecosystem Framework.

That said, I include here some key points from the document.  A user-centric “Identity Ecosystem” is proposed – an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities—and the digital identities of devices. 

Where are Abby Sciuto and Timothy McGee when we need their help?  It would seem that their almost supernatural skills in cybersecurity and good-guy hacking are in great demand.  As reported by Josh Smith in NextGov:

Many of the FBI field agents assigned to combat cyber threats say they do not have enough expertise to do it, according to a new report from the Justice Department’s inspector general.

 

Justice Department officials found that more than a third of the 36 FBI agents surveyed said they don’t have the networking or counterintelligence expertise needed to effectively investigate national security breaches. The report also said that field offices lacked the forensic and analytical capabilities to take on national security investigations.

Sen. Susan Collins, R-Maine, who has proposed cybersecurity legislation on Capitol Hill, said the need for a capable cybersecurity work force is “more urgent than ever.”

“The threat of cyber attacks continues to grow every day,” said Collins, ranking member on the Homeland Security and Governmental Affairs Committee, in a statement. “That is why it is so troubling that the federal government has not adequately trained its cyber professionals to combat these threats.”

…

 

A dearth of trained cybersecurity professionals is plaguing government and industry efforts, with some analysts estimating that the U.S. needs 20,000 to 30,000 more people to adequately defend cyberspace.

Jeremy Duncan seems to be addicted.  Are you?

I thing my family would rather have a full-scale electrical blackout that an Internet interruption.

The recent security breach affecting Sony Corp’s PlayStation network, is receiving high profile attention. As reported by Nick Wingfield in today’s Wall Street Journal:

Two U. S. Congress members are asking Sony Corp. to explain its handling of the recently disclosed data breach involving its PlayStation Network, one of the largest data thefts in history.

 

On Friday, Rep. Mary Bono Mack (R., Calif.) and Rep. G.K. Butterfield (D., N.C.), members of a Congressional subcommittee on commerce, manufacturing and trade, asked Kazuo Hirai, the head of Sony’s videogames division, to address their concerns. The letter asked when Sony first learned of the recent breach, why it waited days to notify its customers, and how Sony intends to prevent further breaches in the future.

Sony has said the breach occurred earlier this month and resulted in the loss of names, addresses and possibly credit card numbers associated with 77 million accounts on its online game network. While Sony and law enforcement officials haven’t addressed whether they have any suspects in the intrusion, one prominent target of a past Sony legal attack over a hacking incident denied any involvement in the data theft.

…

 

Sony hasn’t said what the financial impact from the data intrusion will be. Larry Ponemon, founder of a firm called the Ponemon Institute that analyzes the costs of data breaches, estimated it could run as much as $1.5 billion, including everything from Sony’s own forensic investigation, to the diversion of Sony personnel from their regular responsibilities to the cost of making amends to customers with free offerings.

Congratulations to my good friend Alan Norquist, whose company Veriphyr was named a “Cool Vendor in Identity and Access Management” by in a recent Gartner report.  Veriphyr offers an on-demand SaaS service that “analyzes identities, privileges, and user activity to detect violation of access control down to the record level to deter snooping into sensitive data.” 

I received Alan’s email informing me of this recognition earlier today – ironically just two days after I posted an article about the business benefits of Identity and Access Intelligence.  Here is Veriphyr’s definition of Identity and Access Intelligence:

Identity and access intelligence (IAI) is a new category of SaaS application that uses advanced data analytics to mine identity, rights, and activity data for intelligence that is useful not only for IT operations, but also for broader business operations. What is new about IAI is its focus on the needs of the business manager, who typically has the best knowledge of what resources their direct reports should or should not be accessing, when they should be accessing it, and how much resource utilization is appropriate. IAI informs the identity and access management process (IAM) in a way that provides rapid value to business managers and generates the buy-in from business stakeholders that is needed for a successful project implementation.

I predict that this segment of the Identity and Access Management market will grow rapidly, as enterprises seek to gain actionable intelligence from their growing mountains of available Identity and Access data.