Prototype gateway will test authentication needs
By this time next year, Stephen Timchak expects to have rolled out a system to confirm the identity of authorized users of e-government systems.
Timchak, program manager of the E-Authentication project the General Services Administration, said developers are moving quickly toward completing risk analyses for all 24 Quicksilver initiatives by the end of December. The analyses will determine the security needs for each of the e-government initiatives.
The project team then will use the information to launch an E-Authentication gateway by next September.
“Initiative owners are pretty confident and comfortable in where they are but are not thinking as broadly as they need to,” he said. “We are helping them do that by asking them who their customers are, what transactions will be needed, what is the value of the transactions, what would happen if the information was exposed and what is the worst thing that could happen if someone hacked into the system.”
GSA this month plans to launch an E-Authentication prototype gateway through which a handful of agency teams will conduct three or four transactions. Mark Forman, the Office of Management and Budget’s associate administrator for IT and e-government, said the tests will combine a few Quicksilver initiatives and one or two others.
GSA in July released a request for information for the gateway. Timchak said 50 companies responded.
“We are trying to gauge whether there are any opportunities for a government and industry partnership,” Timchak said. “Maybe industry sees so much value in E-Authentication they would be willing to build the gateway in return for some sort of subscription fees based on the number of transactions. I want industry to come back to me and tell me how they think it might work.”
The project team is considering three commercial applications for the prototype, but GSA spokeswoman Mary Alice Johnson said project leaders would not elaborate on the software.
Johnson also said the Education Department will take part in the pilot but would not identify other participants. The launch of the prototype gateway coincides with GSA’s announcement that the Agriculture Department’s National Finance Center, the Defense Department, NASA and the Treasury Department have signed up to use the Federal Bridge Certification Authority. The bridge lets agencies accept other agencies’ digital certificates using a public-key infrastructure to verify users’ identities online.
E-Authentication, one of five Quicksilver projects GSA is spearheading, is one of three initiatives the President’s Management Council recently said needed more resources. The council also said disasterhelp.gov and Safecom, communications projects lead by the Federal Emergency Management Agency, needed more resources, said John Sindelar, deputy associate administrator of GSA’s Governmentwide Policy Office.
Sindelar said the projects, selected because of their focus on security, likely would receive additional personnel and technology resources. He also said the council endorsed continuing all 24 projects.
Of the three projects the council is focusing on, E-Authentication is progressing most quickly. So far, GSA has finished risk analyses for Business Compliance One-Stop, E-Grants, E-Travel, GovBenefits and the Integrated Acquisition Environment, Timchak said.Defined risks
Timchak said his office worked with Carnegie Mellon’s CERT Coordination Center to develop the risk analysis tool it is using for the reviews. The center also is helping conduct interviews and perform the analyses.
GSA’s Governmentwide Policy Office and OMB will set guidelines defining the risk levels and requirements to mitigate those risks, Timchak said.
An OMB official said the guidance will establish a general level of authentication that agencies can use and a description of the authentication system components. GSA plans to issue a list of credentialed vendors whose services federal e-government projects can use to connect to the E-Authentication gateway.
Connect with the GCN staff on Twitter @GCNtech.