DOD aims to make smart ID cards even smarter
- By Joey Cheng
- Jun 13, 2014
Smart ID cards used by the government for network and building access also hold promise, because of increased security, as travel or credit cards, a Defense Department advisor said this week. And although it could be a few years before such capabilities are widespread, some pilots are already being planned.
The chip-based ID cards have been a mainstay in the federal government for years—Common Access Cards for the military, Personal Identity Verification cards for civilian agencies and PIV-Interoperable cards for non-federal entities that need to access government systems. But both DOD and the federal government are working to improve their Identity, Credential, and Access Management (ICAM) practices, especially as technology increasingly moves toward mobility and the cloud.
DOD is able to leverage some 15 years of experience with its smart cards going forward, which were originally issued as a form of information assurance and as a way to go paperless in business practices, Paul Grant, DOD Strategy Advisor for Cybersecurity, said at a federal cybersecurity seminar presented by Federal Times and C4ISR and Networks.
DOD is trying to make the cards more valuable to users, adding enhanced security capabilities as well as new features.
For instance, one important aspect of the card is the use of digital signatures.
“Digital signatures allow us to do anti-phishing -- and that’s policy in DOD,” Grant said. “I check the signatures on all the email I receive as the first step. If it’s not a recognized signature then I look at other indicators of whether it is a valid or invalid message, so this is very important for anti-phishing.”
The cards also allow for continuous monitoring on networks -- operations centers will be able to check and authenticate who is on the network, reducing anonymity and even possibly reducing the need to redo security clearances through recorded good behavior.
Outside of providing security, DOD is looking to integrate the card with users’ daily lives and seeking opportunities to add new capabilities.
The D.C. area and Philadelphia area metro transit authorities are in the process of adding PIV-I cards to their systems, meaning users will be able to use those cards to get onto metro and bus systems. A pilot program is beginning this fall. Meanwhile, DOD has been working with the Transportation Security Agency to create a pilot program that would allow users to use their CAC or PIV cards to pass through airport security more quickly through Trusted Traveler Programs.
The cards also have the potential to be used as credit cards -- one goal of DOD is to partner with banks that would allow users to access accounts and to add government credit or travel card capabilities to the cards. DOD is also looking to convert separate military service payment cards into the system.
Organizations that move fast enough with CAC and PIV cards, which includes the General Services Administration and DOD, will get a return-on-investment not just on cybersecurity but across a full business gamut, Grant said. DOD is working to make sure that the card has value to users, so that users will want it, he said.
Joey Cheng is an editorial fellow with Defense Systems.