DOD faces smart-card deployment dilemma

DOD faces smart-card deployment dilemma

By William Jackson

GCN Staff

Convergence'moving multiple types of data around on a common infrastructure'has been a networking mantra for some time. Now it is taking on a new and troublesome meaning for federal managers as smart-card projects begin to converge and merge.

The Defense Department has decided to use the General Services Administration's Smart Access Common ID smart-card program for rolling out the DOD Common Access Card and also for access to the Navy-Marine Corps Intranet. GSA is finishing the interoperability specifications for its Smart Access vendors and has contracted with the National Institute of Standards and Technology to initiate interoperability testing on a handful of cards and readers that work with Microsoft Windows.

The testing will take months and will not cover cards or readers for Unix, Linux or Mac OS.

Mary Dixon, director of DOD's Access Card Office, plans to roll out her program in beta form at the beginning of next month.

'We are at war for the month of September,' said Capt. Peter Hyers, director of the Navy's Smart-Card Office. 'We need 100,000 cards by Oct. 1' for NMCI.

When the Navy decided to adopt the Common Access cards for NMCI, it expected GSA's program would be further along, Hyers said.

Although it is impossible to guarantee right now that various versions of a governmentwide smart card and reader will work with each other and with all operating systems, deadlines loom.

Shaky ground

'We're driving the risk up, and a partial solution won't work,' Hyers said this month at a meeting of the federal Smart Card Project Managers Group.

Officials of GSA's Federal Technology Service, which manages the Smart Access program, tried to respond to the concerns. They said agencies could require OS interoperability in task orders, even if contract specifications had not been fully tested, because long-term testing will follow on other platforms.

'This is only the beginning,' said Daryl J. Hendricks, an FTS computer specialist. 'This is something we thought we could accomplish in a short time frame.'

GSA in May awarded Smart Access contracts to five companies: Electronic Data Systems Corp., KPMG Consulting LLC of McLean, Va., Logicon Inc. of Herndon, Va., Litton PRC Inc. and 3-G International Inc. of Springfield, Va.

The cards must support services such as physical and logical access, cryptography, biometrics, public-key infrastructure, digital signatures and authentication.

The vendors also must adhere to interoperability standards FTS will set.

But Dixon said she worries about starting to deploy cards with little or no assurance that they will work with DOD operating systems.

Defense will begin beta-testing its Common Access smart card next month at Quantico Marine Corps Base, Va. Initially, DOD will use the 32K cards for identification, and each will have a PKI certificate. Testing will continue through December of next year, and the department expects to issue 3.4 million cards by October 2002.

The cards are supposed to last three years. Replacing them early if they fail to interoperate is not an option, Dixon said.

Little help

DOD will continue to rely on its own interoperability testing when deploying the cards.

'The GSA specifications don't hurt DOD,' Dixon said. 'We can still use them. But they don't help us either, except for the readers.'

Because NIST will test 20 readers, DOD officials can be sure that readers bought separately by each service will interoperate.

One of the Navy's first jobs in deploying NMCI will be to supply its contractor with 100,000 smart cards for network log-ons and the DOD PKI. The Navy will need 390,000 cards for NMCI by year's end, so just getting delivery of the cards could be a problem, Hyers said.

inside gcn

  • A forward-located Control and Reporting Center. Air Force photo.

    Data security at the tactical edge: Rightsizing solutions

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above