Interagency Advisory Board (IAB) Meeting

Interagency Advisory Board Meeting Agenda, Wednesday, June 29, 2011

1. Opening Remarks (Mr. Tim Baldridge, IAB Chair)
2. Using PKI to Mitigate Leaky Documents (John Landwehr, Adobe)
3. The Digital Identity Ecosystem of the States: Leveraging Federal Initiatives (Doug Robinson, NASCIO)
4. Achieving Federal Identity Compliance in PACS Without a Rip-and-Replace Investment (Dave Adams, HID)
5. Aviation Credentialing and the New RTCA Standard 230C (Christer Wilkerson, AECOM)
6. Closing Remarks (Mr. Tim Baldridge, IAB Chair)



June 29, 2011

The Digital Identity Ecosystem of the States: Leveraging Federal Initiatives

Government Smart Card Interagency Advisory Board (IAB) Meeting

Doug Robinson, Executive Director
National Association of State Chief Information Officers


About NASCIO

• National association representing state chief information officers and information technology executives from the states, territories and D.C.
• NASCIO's mission is to foster government excellence through quality business practices, information management, and technology policy.
• Founded in 1969 – we’re a legacy system


State IT Landscape Today

• Tough Times: dealing with slow fiscal recovery, forced budget reductions, spending reductions, personnel actions
• CIOs seeking IT operational cost savings
• Continued consolidation - IT infrastructure, services and more
• Living with the past - modernizing the legacy
• IT security and risk! Game has changed
• IT workforce: retirement wave, skills, recruiting
• Issues with federal program funding: cost allocation, inflexibility, constraints, lack of harmony


Mid-Year Budget Cuts Decline

[Chart: Budget Cuts Made After the Budget Passed ($ millions); series: number of states, amount of reduction; marked points: "Recession ends"]

*FY 2011 mid-year budget cuts are ongoing
Source: NASBO Spring 2011 Fiscal Survey


FY 2012 Proposed Spending is $18 Billion Less than FY 2008

General Fund Spending: FY 2007-FY 2012 (in billions)

FY 2007: $655
FY 2008: $687
FY 2009: $661
FY 2010: $619
FY 2011: $652
FY 2012*: $669

* FY 2007, 2008, 2009 and 2010 are actual. FY 2011 is estimated and FY 2012 is proposed.


Distribution of Federal Grants

States: 80%
Locals: 8%
Universities: 7%
Non-Profits: 4%
Tribes, For-Profit, Others: 1%

2011 US BUDGET - $3.8 TRILLION
GRANTS - $586 BILLION


CIOs' view on IT budgets for 2011–13

Decrease: 64%
Increase: 13%
Remain the same: 23%

• As state budgets go down, so does funding for IT
• A few exceptions: ARRA & mandates
• Many CIOs see budget decreases as an opportunity to improve by breaking down barriers, strengthening IT governance, developing creative solutions

Source: NASCIO-TechAmerica 2010 State CIO Survey, August 2010


Do you expect your IT budget to be…

[Pie chart; segments: 13%, 13%, 16%, 58%; legend: Cut, Increased, Stay the same, Still deliberating]

Source: NASCIO Midyear Conference, May 2011


State CIO Priorities for 2011

1. Consolidation / Optimization: centralizing, consolidating services, operations, resources, infrastructure, data centers
2. Budget and Cost Control: managing budget reduction, strategies for savings, reducing or avoiding costs, activity based costing
3. Health Care: the Affordable Care Act, health enterprise architecture, assessment, partnering, implementation, health information exchange, technology solutions, MMIS
4. Cloud Computing: as a service delivery strategy; models, governance, service management, provisioning, security, privacy, data ownership
5. Shared Services: business models, sharing resources, services, infrastructure, independent of organizational structure
6. Governance: improving IT governance, data governance, partnering
7. Security: risk assessment, governance, authority and executive support; budget and resource requirements; insider threats; third party security practices; frameworks
8. Broadband and Connectivity: strengthening statewide connectivity, public safety wireless network, telehealth
9. Legacy modernization: enhancing, renovating, replacing, legacy platforms and applications, business process improvement
10. Data and Information Management: enhancing the role of data, information/intelligence, knowledge management

Italics: New to list for 2011
Source: NASCIO State CIO Survey, October 2010


Priority Technologies, Applications and Tools

1. Virtualization (servers, storage, computing, data center)
2. Cloud computing (software as a service, infrastructure, applications, storage)
3. Networking (voice and data communications, unified communications)
4. Legacy application modernization / renovation
5. Identity and access management
6. Document/Content/Records/E-mail management (active, repository, archiving, digital preservation)
7. Security enhancement tools
8. Business Intelligence (BI) and analytics applications
9. Enterprise Resource Planning (ERP)
10. Social media and networking (Web 2.0 services, wikis, blogs, collaboration technologies, and social networking)

Source: NASCIO State CIO Survey, October 2010


State CIOs Recognize the Challenge

“Every aspect of our work across the states and with NASCIO has a dependency directly related to identity and credential management.”
- Stephen Fletcher, NASCIO Immediate Past President and Chief Information Officer, State of Utah


Why Identity Management is a Top Priority

• Supports national framework for interoperability providing interoperability and trust across multiple jurisdictions.
• Promotes state enterprise approach: avoids silos, avoids proprietary solutions. Adoption of the standards will reduce redundant credentialing efforts and expenditures.
• Follows the great work the states have led in improving drivers license issuance. FIPS 201 has a standardized identity proofing process and standardized issuance procedures. Provides strong proof of cardholder identity.
• Supports multiple applications & legacy infrastructure: issue once, use many times.
• Enables standards-based provisioning of access management and auditing


Digital Identity and the States

• States - nucleus of identity for individuals
• Identity - basis for providing services and sharing data across agencies
• Issue identity credentials - too many!
• Create identity silos
• Lots of technical, operational, policy and legal questions to resolve
• States need a national framework for interoperability: a trusted federated identity model


[Figure: grid of point values 100-500 under the categories British Literature, U.S. Lakes, Words that end in “tion”, Broadway Shows, Australian Animals, and Before & After; words shown: Identification, Authentication, Authorization, Collaboration, Minimization]


Targets of Opportunities (more words that end in tion)

• Standardization: IT and identity management costs driven by complexity and diversity – seek commodity solutions, encourage reuse. Need to align with Federal initiatives like NSTIC.
• Rationalization: Adoption of standards will reduce redundant credentialing efforts and expenditures
• Collaboration: Federal, multi-state and local communication to enhance interoperability
• Innovation: alternate operational models; enterprise services, not systems – more citizen centric (states conduct millions of transactions a year)

[Graphic labels: UETA eGov ESign Privacy; FRAC Forms Licenses; Security Standards; Trust]


NASCIO Actions

PIV-I

Draft Document

Continuing Education and Awareness

• Whitepaper and Webinars hosted in conjunction with the SCA

• Submitted Comments to NIST on FIPS-201(2)

• Continue to Revise Architecture

• Seeking State Examples and Pilot Examples

• Continue to seek stakeholder input

• Workshop at NASCIO Annual Conference

• Discovery Session at NASCIO Midyear Conference

• Expert Speakers on State Digital Identity Working Group Calls

NASCIO Digital Identity Working Group Rechartered 6/2/2011

Continue to Explore the States Role in NSTIC


Leveraging FICAM for the States

• Federation
• Centralization
• Identity Assurance vs. Authentication vs. Authorization
• Standards-based Interfaces, communications, exchanges
• SOA infrastructure and Web services
• Concepts of ‘issuing party’ and ‘relying party’


The Existing PIV-I Framework

• States use best practices and guidelines for issuing standards-based, high assurance, privacy enhancing, multi-use, interoperable, identities and other credentials
• Provides basis for enterprise and federated identity, credentials and access management (ICAM) or (SICAM)
• Addresses establishing identities and the issuing of credentials as well as the handling of the information and the workstreams associated with identity and credentialing.
• PIV & PIV-I have over 5 million issued identities
• Leverage and accept State transactions for entitlement programs, state services, occupational verification, voter registration, licensure and more.


Looking Ahead

• Collaborate on building an identity ecosystem…2016?
• Support the emphasis on Chain of Trust
• Leverage Federal initiatives: more steering, less rowing?
• Identity implications of healthcare reform?
• Demand for secure identities by citizens
• Extending the enterprise: Federal, state and local?