US DOD moots plan to prove identity on the internet

Black Hat, Las Vegas: The US Department of Defense (DoD) is preparing strategy and policy documents on federated identity management systems that may lead...

Black Hat, Las Vegas: The US Department of Defense (DoD) is preparing strategy and policy documents on federated identity management systems that may lead to a national identity system for the United States.

The document, due on 1 October, is being prepared in the office of Robert Lentz, the DoD's chief security officer.

In an exclusive interview with Computer Weekly, Lentz said the new document would integrate the identity system used in the defence sector-based Federal Bridge programme with that of the HSPD12 programme, the civilian national identity programme.

Lentz said he wanted to be able to "articulate to industry and government" how to set up a system that would allow individuals and organisations to assert their identity and associated privileges, and have them accepted at all levels.

Earlier this week, Computer Weekly revealed plans for a similar system for the UK, starting with regulated industries.

Lentz said knowing who one was dealing with was increasingly important because of the internet. So much economic and social activity was net-based that it had become a crucial issue. "We have to reduce the amount of anonymity on the net," he said.

He said there were legitimate reasons for people to be private and to have private conversations. Better identity systems could help ensure that privacy.

Lentz dismissed suggestions that the internet was so polluted with malware and cybercriminals that it would be better to start again. The evidence from the UK and Europe suggested a Draconian move by the DoD to take back, clean up and lock down the net would not go down well, he said.

Besides, the DoD did not want to manage the internet. "It belongs to everyone now," he said.

He said the DoD, which funded the start of the internet, would work with others to build a community-based secure internet. No organisation could do it alone, he said.

He supported ICANN, the main domain name registrar, adding that with the new leaders it would do even better at managing names in cyberspace.

Lentz referred to the UK's decision not to get deeply involved in the Nato centre of excellence on cybersecurity, saying it may have been a matter of priorities.

A colleague of his would sound out the UK's position during a visit next week. "But it's not a priority for me," Lentz said.

He said recent events, such as the UK government's new cyber security strategy, showed that the country was serious about the issue.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.