Multi-factor & Risk-based Authentication , Next-Generation Technologies & Secure Development

Jeremy Grant Is Leaving NSTIC

Headed Initiative to Create a Secure Identity Ecosystem
Jeremy Grant Is Leaving NSTIC
Jeremy Grant

When the federal government hired Jeremy Grant in 2011 to lead the new public-private initiative called the National Strategy for Trusted Identities in Cyberspace, some critics doubted a trusted online environment could be created.

See Also: Mitigating Identity Risks, Lateral Movement and Privilege Escalation

"There was a lot of skepticism when the NSTIC was launched, with some wondering if anything would really happen or whether it would just sit on a shelf and be forgotten" says Grant, who this week announced he would step down in April as the leader of the NSTIC initiative. "After all, there was no mandate in there for anyone do anything - NSTIC simply asked that they help. But these past four years, we've done a lot - driven by a partnership with the private sector - to advance the marketplace for secure, convenient, privacy-enhancing identity solutions."

Since 2012, NSTIC (pronounced n-stick) has granted some $30 million to fund more than a dozen pilot projects aimed at authenticating users more easily and securely. The grants have been used to develop and test new methods for identification online for consumers that increase usability, security and interoperability to safeguard online transactions.


Jeremy Grant discusses success and failures of NSTIC pilot projects.

Among the goals of the public-private partnership is to replace the password as the principle way to authenticate users. Developing a password replacement is "nearing a tipping point," but remains several years off, Grant said in an interview with Information Security Media Group last fall (see The Slow Path to Password Replacement). "There may be room for passwords in the future, but everything we're trying to do is to catalyze replacements that are more secure and easier to use," said Grant, who's official title is senior executive adviser at the National Institute of Standards and Technology, the federal agency that hosts NSTIC.

Creating a trusted identity ecosystem goes beyond finding password alternatives. What NSTIC has done under Grant's stewardship is work with government agencies, academia and industry to develop a trusted online environment where transactions can be conducted securely and easily.

One initiative Grant cited in the interview would enable citizens to use the same two-factor authentication credentials to get services form multiple federal departments and agencies (see Authentication: Changes Coming In a Year). "We're getting really close to launching a new service that would basically enable citizens to have a single credential ... that they can use to log in to different government sites for new online services," he said.

Championing Identity Ecosystem Framework

Grant, the only leader NSTIC has had, helped create the Identity Ecosystem Steering Group that will release version 1 of the identity ecosystem framework this summer. The framework will provide a set of standards and operating rules that organizations can employ to ensure interoperability of different NSTIC-aligned identify solutions. He also helped facilitate the launch of Connect.gov, a shared service that allows government agencies to leverage a common identity infrastructure for citizen services.

But Grant says he considers his biggest accomplish has been the influence NSTIC has had on the marketplace. "We've spent four years promoting NSTIC around the country and around the world, evangelizing about the value of a new marketplace of interoperable identity solutions that are more secure, convenient and privacy-enhancing than the awful password-based solutions we have today," he says. "It's a message that was new to a lot of stakeholders, and one that many found compelling."

Because of his work at NSTIC, GovInfoSecurity named Grant one of its top 10 Influencers for 2015 (see Top 10 Influencers in Government IT Security).

Grant says he's leaving for personal reasons. "Coming in from the private sector to take this job four years ago had some impacts on my family, and as part of that, I made a deal with my wife that I'd timebox how much time I spent in this role," he says. "I've already gone beyond the terms of that deal; it's time to live up to my promises. I don't know what's next - I'm thinking a lot about that these days."


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.