DorobekInsider: Identity management — the liner notes
I am moderating a panel this morning on identity management — it is a custom event that 1105 Government Information Group is putting on for Juniper Networks titled Why Network Security Demands Trusted Identity Management. And, as you can see on the agenda, before my panel, they have two great speakers — Tom Donahue, the director of cyber policy for the national security staff, and Dale Meyerrose, Vice President and General Manager for Harris Corporation and the former CIO for the Office of the Director of National Intelligence. [Up until my panel starts, I am taking notes — and posting them with the caveat that these are my raw notes. You can read them here.]
And then there is my panel, which focuses more on the issues of where the rubber meet the road — how do you make this happen.
Session 3 — Discussion Panel 10:25 – 11:40am Implementing Identity Management: Keys to Security and Success Moderator: Chris Dorobek , Co-Anchor, The Daily Debrief, Federal News Radio Panelists:
- Mary Dixon, Director, Defense Manpower Data Center, Defense Department
- Stephen Duncan, Director, The Center for Identity Management and Information Assurance, Office of Integrated Technology Services, Federal Acquisition Service, General Services Administration
- Steve Hanna, Distinguished Engineer, Juniper Networks
What Attendees Will Learn:
- Trends across government to strengthen converged credentials for employees and contractors
- What makes an identity management program successful and secure
- How government organizations are deploying trusted identity management initiatives
- How agencies can improve existing identity management programs
- Lessons learned from seasoned professionals from the public and private sectors
- Common mistakes to avoid and opportunities to maximize proven technologies
- How agencies are moving ahead to deliver secure, reliable physical and logical access to government information assets and facilities
- What’s next for identity management and why it is critical to broader national security goals
On Tuesday on Federal News Radio 1500 AM’s Daily Debrief with Chris Dorobek and Amy Morris, we spoke to Bob Dix, Vice President of Government Affairs & Critical Infrastructure Protection for Juniper Networks. Dixformerly served as the Dix served as the Staff Director for the House Government Reform Subcommittee on Technology and Information Policy. Hear our conversation here. What is fascinating is how identity management issues really have changed and evolved. It has moved beyond the almost tedious but important question of who has given out how many HSPD-12 cards to the much more interesting question of what do you do with those cards — and how do you secure the identity information behind those cards. In our prep call, Dixon told me that as identity management becomes one of the critical ways of ensuring the security of the network, suddently the databases that contain all that information about identity become critically important. After all, if you take out that information, you cripple everyting else. (Anybody else see the movie Eagle Eye where the computer essentially erases Shia LaBeouf identity.) As always, when I speak, I sometimes make reference to conversations I have had on Federal News Radio 1500 AM, so… if you want that information, here are the liner notes… and I may add to this after the presentation depending on what we talk about.
A lot of this is being spurred by the Obama administration’s cyber-security review, which was issued earlier this year. You can find all sorts of resources about the Obama cyber-review in the DorobekInsider reader: Obama administration cyber-security policy review.
I recently had the opportunity to talk to Google’s chief Internet evangalist Vint Cerf, the man widely referred to as the father of the Internet, as part of Federal News Radio’s Meet the Innovator series. He told me that in some important ways, the Internet is still incomplete — and one important part is the lack of identity management. You can hear part one of my conversation with Cerf… and part two. And I’ll add to this post if there are other links that people reference today.
UPDATE: Juniper’s Steve Hanna mentioned Trusted Network Connect, which, according to Wikipedia:
Trusted Network Connect is an open architecture for Network Access Control, promulgated by the Trusted Network Connect Work Group (TNC-WG) of the Trusted Computing Group (TCG). It aims at enabling network operators to provide endpoint integrity at every network connection, thus enabling interoperability among multi-vendor network endpoints. The U.S. Army has planned to use this technology to enhance the security of its computer networks.
The link recommended by Juniper’s Hanna is this one: a white paper that provides an overview of Trusted Network Connect [PDF]. Find more on Trusted Computing Group’s developers page, including a link to the PDF of the Federated Trusted Network Connect (TNC) Version 1.0