With cards in play, DOD looks to up the ante
- By William Jackson
- Jun 05, 2003
The Defense Department plans to have about 4 million Common Access Cards issued to active-duty and selected Reserve military personnel, civilian employees and contractors behind its firewall by the end of this year.
That doesn't mean the job will be over, said Mary Dixon, director of the Access Card Office of the Defense Manpower Data Center. DOD will continue issuing about 1.3 million cards a year to replace existing cards and accommodate incoming personnel.
But the department is now shifting its focus from issuance to applications, she said.
The Common Access Card program began in 1999 and has become by far the government's largest implementation of smart cards. The card is being used as a standard ID card, and its embedded chip also can be used for logical access to IT systems and for other types of authentication.
'This summer we will be piloting some contactless technology,' Dixon said. 'We hope in fiscal 2004 to be able to add biometrics.'Neutral card
She said the type of biometric has not been decided, although 'it is most likely fingerprints or iris scans. We are designing the card so it will be vendor-neutral and biometric-type neutral.'
DOD also is testing remote updating of cards, to allow resetting of personal ID numbers. Betsy Appleby, the Public Key Enabling program manager for the Defense Information Systems Agency, said there is a 40 percent 'forget rate' for CAC PINS.
Services also are in the process of deploying readers and middleware to desktop machines to enable access. To date, about 150,000 desktops have been equipped.
The card now is used as an ID card, for manifesting troops on the move, for signing and encrypting e-mail, and for the Defense Travel System. During the 2002 general election a small number of troops used the smart card for absentee voting.
'In the 2004 election that will be more widespread,' Dixon said.Lack of interoperability
Government officials would like to see more widespread use of smart cards, but a lack of interoperability has slowed adoption, said Jim Dray, principal scientist for the National Institute of Standards and Technology's smart-card program.
'The government has been trying for some time to do this, and it has turned out to be a problem,' Dray said. 'There are many attempted rollouts of smart-card technology, over the years. The real roadblock is that there has not been enough interoperability between products.'
NIST is working to change that with its Government Smart Card Interoperability Standard.
Version 1.0 of the standard was issued in August 2000, three months after the General Services Administration awarded five contracts for its Smart Access Common ID Card program. The initial version was written in a hurry, and version 2.0 was published in June. NIST now is working on version 2.1, Dray said.
The new version will include provisions for contactless use and biometrics.
'DOD has been proactive in feeding information to us' for biometric specifications, Dray said.
Dray said he expects the GSC-IS to be submitted to standards organizations for formal adoption as industry standards.
William Jackson is freelance writer and the author of the CyberEye blog.