Digital identity: fundamental to cybersecurity and cyber resilience
Pierre A. Roberge, digital identity expert, co-founder of SecureKey and member of In-Sec-M, gave a talk at the Smart Cities, Digital Identities and Cybersecurity workshop on December 17 in Quebec City.
Through an eloquent presentation, Mr. Roberge presented the challenges and solutions to preserve a digital identity. His message was clear: “digital identity is essential and fundamental to cybersecurity.”
In front of a crowd of 80 information professionals, Mr. Roberge wanted to differentiate cybersecurity and cyber resilience: “Cyber security focuses on protecting computer systems from damage or theft of hardware, software or their electronic data, as well as against disruptions or misdirection of the services they provide. Cyber resilience refers to the ability of an entity to continuously deliver the desired result, despite unwanted cyber events. Cyber resilience combines (1) cybersecurity (2) business continuity and (3) organizational resilience to minimize damage and continue to operate under attack. This results in a more robust service, builds the confidence of citizens, and ultimately ensures the sustainability of services. ”
Public and private organizations are increasingly expanding their cybersecurity efforts with a more holistic view, to include this cyber resilience strategy. They are more proactive than in the past. “A strong digital identity is the cornerstone of cyber resilience,” says Roberge. This is THE way to identify yourself online in a safe, friendly and private way. ”
What is digital identity?
“It is a set of attributes or statements that you make about yourself or about another person. These declarations or attributes are often found grouped together and presented in the form of supporting documents. Think identity card. The supporting documents can be the subject of an evaluation by the dependent part of this one: one speaks then about the authentication. I claim that my name is Pierre Antoine Roberge, but most of my supporting documents are not based on my name. I pretend that I am Canadian, that I am over 19 years old, that I have a valid driver’s license, etc. Although my person does not belong to any company, several of them have some of my identifiers, such as Google for my Gmail address, or LinkedIn for the URL link of my profile. Sometimes, a proof can be authenticated between 2 parties – I am over 19 years old, here is my driver’s license to demonstrate it. Sometimes a third party is required, such as sharing with a lender that I have a credit score of more than 725 points. Digital identity can also do things that our cards and passports can’t do. If I just want to prove that I am of legal age, there is no reason why I should disclose my birthday, my height, and where I live. ”
Digital identity therefore allows citizens to have more control over the information disclosed. This is what identity geeks call zero knowledge.
The use of digital identification, robust, secure, capable of protecting privacy, then becomes an essential, reliable and user-friendly element for a strong cyber resilience strategy.
Organized in collaboration with the Ministry of Economy and Innovation, Québec International, Le Camp, Prompt and In-Sec-M, the workshop helped to draw up an inventory, to take stock of cybersecurity needs and solutions offered by industry and innovators, thus bringing together those who have the challenges and those who have the solutions. To read more on the subject: insecm.ca/a-smart-cities-digital-identities-and-cybersecurity-workshop