Black Hat, Las Vegas: The US Department of Defense (DoD) is
preparing strategy and policy documents on federated identity
management systems that may lead to a national identity system for
the United States.
The document, due on 1 October, is being prepared in the office
of Robert Lentz, the DoD's chief security officer.
In an exclusive interview with Computer Weekly, Lentz said the
new document would integrate the identity system used in the
defence sector-based Federal Bridge programme with that of the
HSPD12 programme, the civilian national identity programme.
Lentz said he wanted to be able to "articulate to industry and
government" how to set up a system that would allow individuals and
organisations to assert their identity and associated privileges,
and have them accepted at all levels.
Earlier this week, Computer Weekly revealed
plans for a similar system for the UK, starting with regulated
industries.
Lentz said knowing who one was dealing with was increasingly
important because of the internet. So much economic and social
activity was net-based that it had become a crucial issue. "We have
to reduce the amount of anonymity on the net," he said.
He said there were legitimate reasons for people to be private
and to have private conversations. Better identity systems could
help ensure that privacy.
Lentz dismissed suggestions that the internet was so polluted
with malware and cybercriminals that it would be better to start
again. The evidence from the UK and Europe suggested a Draconian
move by the DoD to take back, clean up and lock down the net would
not go down well, he said.
Besides, the DoD did not want to manage the internet. "It
belongs to everyone now," he said.
He said the DoD, which funded the start of the internet, would
work with others to build a community-based secure internet. No
organisation could do it alone, he said.
He supported ICANN, the main domain name registrar, adding that
with the new leaders it would do even better at managing names in
cyberspace.
Lentz referred to the UK's decision not to get deeply involved
in the Nato centre of excellence on cybersecurity, saying it may
have been a matter of priorities.
A colleague of his would sound out the UK's position during a
visit next week. "But it's not a priority for me," Lentz said.
He said recent events, such as the UK government's new
cyber security strategy, showed that the country was serious
about the issue.