Personal Identity Verification- Interoperability/ First Responder Authentication Credential (PIV-I/FRAC) I/FRAC) Technology Transition Work Group (TTWG) Karyn Higa-Smith, Research Program Manager Identity Management, Privacy Technologies, & Secure Information Dissemination Command, Control and Interoperability Division Science and Technology Directorate U.S. Department of Homeland Security 29 June 2010 IAB Meeting
Command, It will take our Control continued commitment and Interoperability to really and finally get the issues related to credentialing and access management accepted as an important component of our national interoperability objectives to enhance homeland security capabilities in both the public and private sectors. -Deputy Assistant to the Governor of an Atlantic State Mission The Command, Control and Interoperability (CCI) Division creates and deploys information resources to enable seamless and secure interactions among homeland security stakeholders. This concept of integrated interoperability will promote enhanced joint planning, improve performance, and increase efficiency among all our partners. -Regional Director for Emergency Management Vision Stakeholders have comprehensive, real-time, and relevant information to create and maintain a secure and safe Nation. Identity and Access Management is a key enabling technology for information sharing and secure communications.
To cover: Background Members Problem Space Goals Research/Pilots
Practitioner-Driven Approach Integrates existing frameworks to establish seamless information exchange among participants, as needed and as authorized. Builds on existing investments by leveraging a system of systems model to permit both new and existing technologies and concepts to exchange information. Draws on practitioner input at every step of the CCI project lifecycle. Employs a comprehensive approach by fostering dynamic information sharing between all practitioners, not specific, fixed points. Highest Usage Lowest Local Agency-Specific Regional Inter-Agency & Inter-Disciplinary State and Federal Highest Priority Lowest
Partnership to support State and Locals Emergency Response Officials Standing up the PIV- I/FRAC TTWG Public Safety Standards Interoperability & Trust Innovation FEMA and S&T
Technology Transition Work Group: Membership Charter Co-Chairs Local, Region, State Local and State Participants Colorado Maryland Virginia District of Columbia Missouri Southwest Texas Pennsylvania Chester County, PA Pittsburgh, PA West Virginia Hawaii Illinois
Tough Lessons Daunting Task of: Coordination Collaboration
Making it work in the field A national standard, interoperable, & trusted ID for emergency response (PIV-I) One voice from the TTWG to policy makers Share lessons and successes Identify technology gaps Federated Identity Management
Top-down Top-down Bottom-up
www.idmanagement.gov
Research, Development, Test & Evaluation: Identity Management Pilot Privacy in Information Sharing Data Anonymization
DHS or SLT w/ PIV or PIV I Card Auth. Attribute Store 1 1. DHS user needs access to or information from NORTHCOM 5. NORTHCOM Resource (Web Site / Application) 2. DHS User is Authenticated 3. NORTHCOM needs offcard attributes to authorize DHS User to access resource. It asks its own Attribute Authority Auth. Attribute Store n DHS or SLT Attribute Broker 4. NORTHCOM and DHS communicate to exchange user information about DHS User NORTHCOM Attribute Broker
Sharing and Collaborating across domains (jurisdictions) Fusion Center Information Sharing Privacy Policies Policy-based decision engine Privacy Act into thousands of lines of code!
Command, Control and Interoperability Division Science and Technology Directorate U.S. Department of Homeland Security Karyn Higa-Smith DHS S&T Program Manager Karyn.Higa-Smith@DHS.gov 202.254.5335