This month Smart Card Talk spoke with Keith Ward, director of enterprise security and identity management for Northrop Grumman. A 25+ year veteran, Keith is recognized as an information technology executive and has business management experience in leading, managing and developing complex mission critical enterprise programs and solutions.
Keith developed the strategic approach and led the remediation of the Cyber Security – across the Northrop Grumman Corporation (NGC) enterprise. He was responsible for the strategy, planning, resource management, engineering/solution development, implementation, and program management for enterprise provisioning, remote access, CertiPath and PKI, and the NGC OneBadge credentualing program.
Recognized as an expert on security and identity management in enterprise-wide mission-critical environments, Keith is a regular speaker at industry conferences including Aviaiton Week, AFCEA, RSA, Smart Card Alliance, the National Notary Association, Future Aerospace Congress and various U.S. DoD Identity and Cyber Crime Conferences.
Prior to his current role, Keith has held IT management positions in both business unit execution and operational service delivery within Northrop Grumman and Litton PRC. Keith was the program manager for the several Litton PRC programs that included: GSA Smart Card Program, Pacific Disaster Center Program, National Weather Service Modernization Program, Weather Channel Modernization Project. Keith also served as the lead system architect for several programs that include London Metropolitan Police 999 and E999 Security and Command and Control Modernization Project, Geographic Environmental Solutions and Product Lines and GTE’s FAA Data Acquisition Distribution System.
Keith Ward served as Chairman of Transglobal Secure Collaboration Program (TSCP) and currently serves as the Vice Chairman, a government-industry partnership for aerospace and defence companies focused on solving the real-world challenges of secure information sharing across organizational and geographic boundaries.
Keith holds a degree in Commerce and Engineering from Drexel University.
1. What are Northrop Grumman’s main business profile and offerings?
Northrop Grumman designs some of the world’s most sophisticated war-fighting tools, from stealth fighters and airborne surveillance systems to nuclear powered aircraft carriers and submarines. We secure the most sensitive systems and networks that are critical to our national defense. We have established interoperable trust mechanisms of our employees, our contractors, our suppliers, our customers and our partners and must be trustworthy and authorized to access systems and resources. We have ensured proper due diligence in checking their identities and backgrounds for the protection of sensitive information and timely notification for de-provisioning identities from our systems and facilities.
2. What role does smart card technology play in supporting your business?
Northrop Grumman Corporation has embarked upon an ambitious enterprise-wide initiative to implement a comprehensive Security and Identity Management Program. Several projects are now underway to ensure corporate-wide compliance with the enhanced security requirements that are mandated by the presidential directive known as Homeland Security Presidential Directive 12, more commonly referred to as HSPD-12, and guided by Federal Information Processing Standard (FIPS) 201.
The OneBadge project will eventually touch every Northrop Grumman employee, and is compliant with Federal standards. We have a significant Northrop Grumman population of company-issued PIV-interoperable (PIV-I) credentials and operate an infrastructure to authenticate and authorize users for physical and logical access, parts of which are federated to the Federal government.
Our Enterprise-Wide Identity Management (IDM) program required the integration of multiple separate security domains across the company, each of which had made significant investments in strong authentication and protection to safeguard not only Northrop Grumman assets, but also the assets of the systems to which we connect, namely, Federal government systems. Given the onslaught of the recent cyber security challenges, however, it was imperative that Northrop Grumman provide for secure data transmission and sharing across the company and programs as well as for our partners and customers within the global community.
The OneBadge will have many of the same features as the existing employee badge, displaying the employee’s photo, name, and a unique badge number, as well as encoding for access to the buildings where the employee regularly reports for work. The OneBadge is a PIV-I credential which will provide significant cost savings across the enterprise by consolidating several technologies, and therefore functions, into one device. The OneBadge will enable strong multi-factor authentication, including CertiPath cross-certified PKI certificates and biometrics to authenticate users to internal networks and data, and to the networks of Northrop Grumman partners and customers. OneBadge will also eventually replace some of the SecurID RSA tokens that are currently used by many Northrop Grumman personnel who work remotely.
3. What trends do you see developing in the market that you hope to capitalize on?
Northrop Grumman has identified the critical need for a common framework for federated collaboration including identity management and assurance, data protection, digital rights management and secure collaboration. For us to do business in today’s world, we must balance the need to protect intellectual property (IP) while demonstrating willingness and ability to meet contractual requirements from government customers for auditable, identity-based, secure flows of information.
The specific trends are related to Identity Management & Assurance–e.g., federated web single sign-on (SSO), secure email collaboration (e.g., mitigating the risk of spear fishing), data labeling and protection, end-to-end Trusted Platform Module (TPM) and facilitation of secure collaboration.
4. What obstacles to growth do you see that must be overcome to capitalize on these opportunities?
The biggest challenges to the adoption of federation are governance, liability and contractual clauses to limit the exposure in third-party assurance.
5. What do you see are the key factors driving smart card technology in government and commercial markets in the U.S.?
The key factor in driving smart card technology is the National Strategy for Trusted Identities in Cyberspace (NSTIC), which identifies a set of guiding principles for accelerating the use of trusted digital identity credentials. Deploying a smart card system that reflects these principles can help secure transactions on the Internet, improve the public’s awareness and control of personal information, and stimulate the growth of online commerce. It is prudent to first create one or more proofs of concepts (POCs) in controlled settings to expose and close critical gaps before expanding to more ambitious smart card pilots that include real transactions with real people.
6. How do you see your involvement in the Alliance and the industry councils helping your company?
A key challenge that crosses all domains is being able to increase security while preserving privacy. The Smart Card Alliance can help Northrop Grumman by continuing the outreach for smart card adoption, awareness and news releases that promote investments made from companies like Northrop Grumman.
Member point of contact
Northrop Grumman Information Systems
Director Enterprise Security & Identity Management
3975 Virginia Mallory Drive
Chantilly, VA 20151