Jeff Nigriny, president and founder of CertiPath served as the opening speaker during the exclusive “How to Increase Cybersecurity and Return on Investment of Existing PIV Infrastructure for Cross-Agency Encryption” Webinar on Tuesday, June 30th.
Mike Horkey, founder and CEO of Tru-Concepts LLC, introduced Nigriny. Horkey noted Nigriny’s crededitals and qualifications concerning PIV and cybersecurity background. Nigriny then set the stage, beginning his discussion with digital identity and PIV.
“I don’t think anyone believes that digital identity is working the way we would like it to at this point in time. We’ve been subjected to identity theft, phishing emails, etc. Society will do bad things when they believe that they can get away with it,” Nigriny stated.
Nigriny unpacked digital credentialing in relation to the Sept. 11th attacks. He noted that there were delays in response due to the difficulty of a rapid identification process because there were no means to electronically verify a person’s credentials.
Coming out of the 9/11 attacks, the Department of Homeland Security (DHS) released HSPD-12, a directive that called for a common, interoperable identification credential to be used for logical and physical identification processes.
“When we’re talking about a PIV credential, it’s important to understand where the trust comes from. Trusting credentials comes down to three functions: the trustworthiness, technical quality and relationship between the issuer and credential bearer.”
Nigriny noted that trustworthiness must be analyzed in the context of the likeliness of an issuer to be operating a trustable credentialing infrastructure. The technical quality relates to the security and the modern software that credentials are built on to enhance security.
“Overall, there are three broad categories for enterprise credentialing: PACS, LACS and email. PACS and LACS have created secure physical access, but emails are a black hole.”
Nigriny noted that email does not have credentialing technology, which could pose a threat to security. Email is a leading tool for communication, but it does not have a secure backing.
“Email clients do not understand test certificates from production certifications, which creates a massive gap… To help combat the issue, encrypted email is where agencies should start to expand,” Nigriny concluded.
Stay tuned for future GovConWire events! On Aug. 27th, GovConWire will host its Business Development Forum to discuss the latest trends in Business Development (BD). Click here to register for the event.
Featuring Stephanie Shutt from the General Services Administration (GSA) as the keynote speaker, this webinar will dive into current BD trends, tips for securing contracts and FY21 federal budget projections. Don’t miss out on this must see forum!