State of Federal eGov

1
Secure E-Business Drivers and Impediments
May 7, 2001 Marty WagnerAssociate
Administrator GSA Office of Governmentwide Policy
Agenda Slot
2
Trends Driving Government Transformation
Government
3
The eGov Challenge

• Approximately 283 Million Americans
• Growing number of Americans are Wired
• Most Americans want to do business with the
  government online today!
• Public expects online services similar to the
  best commercial capabilities
• Public does business with multiple agencies
• Does your agency know who they are?

4
Citizen Studies -- Conclusions

• High internet penetration does not mean citizens
  rank internet delivery number one
• Citizens want licenses, payment of taxes online
  but do not want deeply inquisitive services such
  as health, welfare and unemployment insurance
  online
• Privacy Security major concerns
• Government held to higher standard
• Private sector practices can not be simply
  duplicated
• Citizens selectively oppose convenience fees
• E-government should proceed slowly

5
Pay Attention to Privacy

• Set enterprise-wide privacy policy
• Select appropriate security technologies
• Trust relationship questions
• Does Identity need to be authenticated?
• Are credentials presented sufficient?
• Is there a trusted authentication authority?
• When should I accept credentials from an
  authority?
• Privacy Dos and Donts
• Do notify users and follow opt-in strategy
• Dont keep any more information than needed
• Dont keep information any longer than needed

6
Government Online
Recruitment/Employment Section
Kids' Education Area
Government Forms Online
Government Records Online
File Taxes Online
Update Information Online
Online Bidding for Government Contracts
While we have made progress -- There still is a
long way to go.
Online Application for Grants
Online Voter Registration
Online Voting
Source n81
7
Federal PKI Approach

• Determine PKI appropriateness through risk
  assessment.
• Use PKI when electronic signature and
  document/data integrity must be assured.
• Provide Federal PKI and PKI services contract for
  government-wide use -- ACES.
• Establish Federal PKI Policy Authority (for
  policy interoperability).
• Implement CAM and Federal Bridge CA using COTS
  (for technical interoperability).
• Organize federal agency PKI use around common
  citizen and industry groups.
• Re-engineer business processes and legacy systems
  for electronic transactions.

8
Federal Bridge CA

• Built to support interagency PKI technical
  interoperability
• Non-hierarchical hub for peer to peer
  cross-certification.
• Allows trust path creation/processing between PKI
  domains so that digital certificates issued in
  one domain can be accepted with an appropriate
  level of trust in a different domain.
• Maps levels of assurance in disparate certificate
  policies (policyMapping) through four levels of
  assurance
• Rudimentary, Basic, Medium, High.
• Ultimate bridge to CAs external to Federal
  government.
• Requires X.509v3 certificates as standard.
• Ultimate Goal Support agency PKI domain
  interoperability regardless of what CA product is
  used..

9
Challenges in the Federal Sector

• Need for senior management involvement
• Need for wide-scale security and threat awareness
• Understanding operational and security balancing
• Improve network management practices
• Maturation of PKI

10
Challenges in the Federal Sector (continued)

• Sharing of valuable threat and vulnerability
  information
• Acquiring technical expertise
• Funding for implementation of critical
  capabilities
• Interoperability among different platforms and
  technologies

11
How do we get there??

• Standards
• Interoperability
• Sharing of Lessons Learned Best Practices
• Business Process Change Agents
• Training
• Planning budgets to reflect security requirements