Content area
Full Text
Abstract: Digital identity is an online or networked identity in cyberspace for an individual, organization, or entity to uniquely describe a person or a thing and contains information about the entity's relationships. A critical challenge in cybersecurity and cyberspace operations is knowing with whom or what one is defending. Currently, it can be difficult to accurately determine the identity of a person or entity in cyberspace. A unified and verified identification system for each entity or component of an IT system is needed. This paper will identify the challenges and opportunities that digital identity technologies introduce for cybersecurity and cyberspace operations.
Keywords: Digital Identity, Software ID Tags, SWID, NSTIC, IDESG
Introduction
In the U.S. National Military Strategy for Military Operations, the information environment within cyberspace is described as "the aggregate of individuals, organizations, and systems that collect, process, disseminate, or act on information" (Joint Chiefs of Staff 2006). In order to conduct cyberspace operations and operate securely in cyberspace, it is essential that assets can be identified in real time. There is an old adage that states that one cannot manage what one cannot measure. However, those who are engaged in or with the current state of information technology (IT) (individuals and/or organizations) and even the systems themselves are at a more precarious point: they are not able to manage their IT systems because they do not even know what or who is on those systems. As a result, the need exists to appreciably ramp up the ability to identify both what and who are operating on any given IT system.
What Is a Digital Identity?
The United States Federal Chief Information Officer (CIO) Council has defined digital identity as "[t]he representation of identity in a digital environment" (Executive Office of the President of the U.S. 2011a), while the National Strategy on Trusted Identities in Cyberspace (NSTIC) defines it as "a set of attributes that represent a subject in an online transaction" (Executive Office of the President of the U.S. 2011b). Digital identity also has another common functional definition as "the digital representation of a set of claims made by one digital subject about itself or another digital subject" (Executive Office of the President of the U.S. 2009). All three of these definitions are...