idealist.org

U.S. PRIVACY PROTECTION INITIATIVE PHASE 1 (USP-I)

PURPOSE / OVERVIEW:

Phase 1 of the Homeland Security Foundation of America (HSFA) U.S. Privacy Protection Initiative (USP-I) is designed to help combat computer crimes by introducing secure authentication technology into the small to medium-sized business (SMB) market at no cost, eliminating a major source of privacy violations for employees and consumers.

Phishing is a gateway to ID theft and other high-technology crimes. Public attention has been fixed on many high-profile security breaches at federal government agencies, large corporations and universities; however, financial fraud experts say hackers increasingly are targeting small, commercial Web sites and networks.

To address this growing national security and public safety concern, HSFA will provide Nomad Secure Access (SA) client/server software as a community in-kind donation to participating small businesses nationwide. HSFA plans to partner with hardware manufactures to meet the hardware/software requirements for installation and certify local IT service providers to offer installation and support at low fixed rates if the end user does not have adequate staff to manage the solution.

THE TECHNOLOGY:

USP-I employs Nomad Secure Access (SA), which provides two factored authentication for secured and trusted access. Authentication and secured trading is based on the Public Key Infrastructure (PKI). PKI is defined as a process of components rather than single components. Nomad SA reduces the costs and complexity of administration and support offering an end-to-end solution for secure access management, i.e. - Digital Certificates, Digital Signatures, Certificate Revocation Lists, Encryption and Decryption. Nomad SA removes sensitive corporate data and systems from mainstream access, establishing trust at the user level and not the system level without the need to integrate services with new or existing processes.

Client End-Point Security: Nomad SA eliminates full network access, meaning it pushes security policies to the Client system eliminating access to the front door of the network. VPN and other two factored solutions require the user to authenticate on a network server and then this server determines access. This is the equivalent of allowing strangers into your home and then telling them which rooms they can go in. The problem is the person is already in the house. By pushing security policies to the Client end-point, access is only granted to those applications or systems defined. All other network access is denied, removing unauthorized access and eliminating potential risks of network attacks.

Removing Public Access: Nomad SA allows public access without systems or services being defined to the public networks. Typically, web access to corporate data must be defined via a web site that is local to the public domain, so the owner must implement a secured means of identification. This is usually performed via a USERID and PASSWORD, a challenge / response, through the use of Digital Certificates or a combination thereof. This means the public has access to the first process in web services. With the combination of PHISHING and SPAM this further increases risks for fraudulent access and identity theft. Nomad SA removes public access for any system or application, especially web services. It ensures that access to network resources are properly managed to help businesses keep their customers’ private information confidential. The Nomad solution combines Client-end point policies with digital identity to eliminate Phishing and deny fraudulent access to network resources.

USP-I DEPLOYMENT:

ID thieves and fraudsters target home users, small-to-medium businesses, and corporations. Most large corporations have the resources to implement a safeguards and security program for their IT infrastructure; however, many small businesses and some medium-sized businesses do not. Home users must rely on the effectiveness of businesses’ security models to protect their identity. U.S. Privacy Phase II (USP-II) will offer centralized public access to the Nomad software via a secure web-based portal, providing support for home users. Most corporations already have a solution, which leaves small and medium-sized businesses open to attacks – these businesses will be the primary target for USP-I deployment.

USP-I DELIVERABLE:

HSFA will make a minimum $10,020 USD community in-kind donation to small and medium-sized businesses in the United States. For example, a small business with 25 employees will be eligible to receive the following in-kind donation:

$10,000 USD Initial License Fee
$500 USD User Fee ($20 USD x 25 employees)
============================================
$10,500 USD Total in-kind donation from HSFA

HSFA is committed to delivering this technology at no cost to the end user. We expect that many business networks will meet the minimum hardware and software requirements and will have support staff capable of installing and utilizing the software. For businesses who do not have these resources available, HSFA will refer them to a local IT services firm who has successfully completed the HSFA Certified Privacy Partner (HCPP) program and committed to providing installation and support services at a low fixed rate. HSFA will provide oversight of these certified partners to ensure compliance to program requirements. Southern Data Solutions will provide tier-2 support to partners.

Nomad SA requires a server that meets the following specifications:

• IBM Compatible PC
• Network Adapter
• Microsoft Windows Server
• SQL
• 11 MB Hard Disk Space
• Remote access software

HSFA will partner with a hardware manufacturer to provide equipment as an in-kind donation or at a low fixed price. The equipment supplied should meet the above requirements, but may be demos, off-lease units, etc. Ideally, the equipment should be preconfigured with our image and ready to install into any network as a Member Server. It should be controlled by HSFA or a certified firm. HSFA will also partner with a remote PC access software company to enable remote management of the Nomad SA product. If a business cannot afford to purchase the low-cost equipment or pay for the low-rate installation service, HSFA will seek grants / sources of funding to cover the cost. A formal application will be developed.

HSFA CERTIFIED PRIVACY PARTNER (HCPP) PROGRAM:

HSFA will establish a certification program for IT service providers in each state who wish to participate in USP-I deployment. A formal application process will be established to qualify and train the firm and provision the resources required to perform services on behalf of HSFA. A small registration fee may be required to cover administrative costs, including but not limited to a background check, past performance evaluation, and technical capabilities assessment. Once a HCPP firm is certified, it is eligible to deploy HSFA licensed instances of Nomad SA to small and medium-sized businesses. The HCPP firm’s rate schedule for installation, troubleshooting and repair must be less than fair market value and approved in advance by HSFA. The HCPP firm will be required to submit a number of reports regarding each case – these reports will be subject to review for HCPP compliance.

BENEFITS SUMMARY:

Greater security and less crime: Small and medium-sized businesses, are often a target of thieves and fraudsters due to a lack of technical security countermeasures. Increasing their security will result in a significant drop in phishing, ID theft, fraud and other computer crimes. This will reduce the Federal burden associated with investigating and prosecuting criminals. Additionally, by minimizing loss, these businesses will have additional spending capabilities.

Increased consumer confidence and spending: Releasing millions of dollars of security software into the SMB market may help to stimulate the economy; participants can market to customers that they have a more secure environment, which could result in a boost in customer confidence and spending; participants may also need support from HCPP firms – this support will be available at an HSFA fixed rate and/or may be covered by HSFA funding, which will result in additional revenue for these firms, creating technical and administrative jobs.

Collaboration: The success of this public safety initiative increases substantially through partnerships and collaboration between IT suppliers, hardware manufacturers and government agencies. This results in great public relations benefits for both public and private organizations and gives participating businesses the opportunity to learn more about the products and services they provide. This too may encourage additional spending based on the participating business’ needs. It also creates an opportunity to disseminate important safety information to the businesses that represent a significant component of America’s economy in the future.

LAUNCH DATE:

Wednesday, October 1, 2008