This month marks the first anniversary for the National Strategy for Trusted Identities in Cyberspace (NSTIC) here in the US. They always say, “The first year is the hardest,” but NSTIC has done remarkably well so far. Now is a good time to look back at what’s happened in the first year, and what lies ahead for year two.
The NSTIC is working towards something we absolutely need on the Internet: trust. According to the adage as immortalized by the Peter Steiner cartoon in The New Yorker in 1993, ‘On the Internet, nobody knows you’re a dog.’ 
Our system today is broken; we have no idea who is who on the Internet. Run by the National Institute of Standards and Technology (NIST) and led by Jeremy Grant, NSTIC aims to create an identity ecosystem that will be “a user-centric online environment, a set of technologies, policies, and agreed upon standards that securely support transactions ranging from anonymous to fully authenticated and from low to high value. Key attributes of the identity ecosystem include privacy, convenience, efficiency, ease-of-use, security, confidence, innovation, and choice.”
NSTIC’s Jeremy Grant and team are not aiming to create a government-led identity program. Instead, NSTIC will give private companies the tools to develop the system themselves, through providing federal funding to meet, determine standards, and begin pilot programs.
One-year-old NSTIC has accomplished a lot, including: creating a framework for its policies and structure; having its federal funds put in place; putting out the call for proposals for pilot projects and picking the finalists; and announcing its intention to support a private-sector led steering committee with $2 million in funding.
In year two, we should expect to see more work towards implementations. As far as timing goes, Jeremy told Federal News Radio that by this summer, the steering committee will be put into place, and up to eight grants for pilot projects will be awarded. Jeremy also told CNET’s John Fontana that he expects up to three federal agencies to announce major initiatives that align with NSTIC by the end of the year.
Jeremy said this to John Fontana about year one: “In Washington, where it often takes years to get anything done, we’ve gotten lots of praise for accomplishing so much so soon with so little. But in other circles, I get asked why it’s been a year since the President signed the strategy and the world hasn’t changed. Both sides have their points.”
True, we aren’t entering year two of the NSTIC with a more trusted and secure Internet, but we are entering it being a whole lot closer. This is the time for public and private sectors to come together to make year two a success. I envision a lot of effort, a lot of voluntary work, and a lot of standards work in the coming year. What do you think?
