December 7, 2017 - 1:00 PM EDT - 2:00 PM EDT
Strong Authentication – When Seconds Count
On-demand access to public safety data is critical to ensuring that public safety and first responder (PSFR) personnel can deliver the proper care and support during an emergency. This requirement necessitates heavy reliance on mobile platforms while in the field, which may be used to access sensitive information. However, complex authentication requirements can hinder the process of providing emergency services, and any delay—even seconds—can become a matter of life or death.
In collaboration with industry subject matter experts and stakeholders, including members of the FIDO Alliance, NIST’s National Cybersecurity Center of Excellence (NCCoE) is aiming to help PSFR personnel efficiently and securely gain access to mission data via mobile devices and applications using standards-based commercially available and open source products.
In this webinar, the NCCoE’s Bill Fisher will demonstrate their Mobile Application Single Sign-On project, a reference design that integrates FIDO multifactor authentication (MFA) with mobile single sign on (SSO) for native and web applications, designed to help reduce the number of credentials PSFR must juggle and decrease time spent on authentication. The architecture uses FIDO and other standards-based technology to improve interoperability between mobile platforms, applications, and identity providers irrespective of the application development platform used in their construction and to support a diverse set of credentials, enabling PSFR organizations to choose a MFA solution that is both secure and speedy.
To learn more about this project before the webinar, visit https://nccoe.nist.gov/projects/use-cases/mobile-sso.
William (Bill) Fisher, Security Engineer, NCCoE
Bill Fisher is a security engineer at the National Cybersecurity Center of Excellence (NCCoE). In this role, he is responsible for leading a team of engineers that work collaboratively with industry partners to address cybersecurity business challenges facing the nation. He leads the center’s Attribute Based Access Control (ABAC) project, Mobile Application Single Sign On (SSO) for the Public Safety and First Responder Sector, and is part of the ITL Cybersecurity for IoT program.
The NCCoE is a collaborative hub where businesses, government agencies, and academia work together to address broad cybersecurity problems of national importance. As part of the National Institute of Standards and Technology, the NCCoE uses standards, best practices, and commercially available secure technologies to demonstrate how cybersecurity can be applied in the real world. Ultimately, the NCCoE helps promote widespread adoption of cybersecurity technologies by developing example solutions to cybersecurity problems that affect whole sectors of industry, or even multiple sectors.
Prior to his work at the NCCoE, Mr. Fisher was a program security advisor for the System High Corporation in support of the Network Security Deployment division at the Department of Homeland Security. He holds a bachelor’s degree in business administration from American University and a master’s degree in cybersecurity from Johns Hopkins University.
Jeremy Grant, Managing Director of Technology Business Strategy, Venable
Jeremy Grant is Venable’s Managing Director of Technology Business Strategy and a member of the firm’s Cybersecurity Risk Management Group. Combining federal government and private sector experience, he works with clients to develop growth strategies, identify and exploit market trends, and advise on policy impacts across the IT, cybersecurity, identity, and payments sectors.
In this role, Mr. Grant utilizes his diverse background and deep understanding of business, technical, policy, and finance issues around identity, privacy, and cybersecurity, having served in a range of leadership positions spanning government and industry. Most recently, Mr. Grant worked as a Managing Director at The Chertoff Group. Before that, he established and led the National Program Office for the National Strategy for Trusted Identities in Cyberspace (NSTIC), housed in the National Institute of Standards and Technology (NIST); NSTIC was the first new cybersecurity program launched by the Obama administration. There he led the administration’s activities across private and public sectors to drive a marketplace of more secure, privacy-enhancing identity solutions for online services. He coordinated development of a common shared identity service for citizen-facing government digital applications and helped establish the private sector–led Identity Ecosystem Steering Group, which has crafted a framework of standards and rules to enable a trusted online environment that can validate the identities of individuals securely with minimal disclosure of personal information. He also led efforts to improve identity and authentication for individuals and devices in the NIST Roadmap for Improving Critical Infrastructure Cybersecurity.
Before leading NSTIC, Mr. Grant was the Chief Development Officer for government services consulting firm ASI Government. He spent three years with Washington Research Group as a market analyst focused on identity, cybersecurity, and government technology. Earlier in his career, he served as Vice President for Enterprise Solutions at MAXIMUS, where he led the division’s Security and Identity Management practice, playing a major role in a number of major federal identity and security programs. Mr. Grant began his career as a legislative aide in the U.S. Senate, drafting legislation laying the groundwork for the Department of Defense and civilian agency smart card and PKI efforts.