Boutelle: Enterprise architecture needs biometrics
- By Dipka Bhambhani
- Nov 13, 2002
'Don't get warm and fuzzy about passwords. They do not protect the force with the magnitude we need.'
'Maj. Gen. Steven Boutelle
Adopting biometrics means more than installing a device at every entrance, said Maj. Gen. Steven Boutelle, director of information operations, space and networks for the Army CIO, speaking at a recent Biometric Consortium meeting in Arlington, Va.
'You've got to have infrastructure, you have to have policies,' he said.
The Defense Department eventually will rely on biometrics everywhere, including tactical environments, as soon as its enterprise architecture and its Global Information Grid bandwidth expansion project are done. The grid is supposed to provide an overarching fiber-optic network by the end of 2004.
'All of this is about bandwidth,' Boutelle said, because more bandwidth is necessary to accommodate network-centric authentication.
A fingerprint takes up 300 bytes to 1,200 bytes, and an iris scan takes up about 512 bytes, according to DOD's Biometrics Management Office.
DOD is counting on biometrics to secure the Global Broadcast System for warfighters, the Installation Information Infrastructure Modernization Program for bases and the Transformation Communications System for satellites. 'That's the backbone we have to protect,' Boutelle said. 'Don't get warm and fuzzy about passwords. They do not protect the force with the magnitude we need.'
DOD will begin surveying its agencies about their potential biometrics applications in January. By May, the Biometrics Management Office will ask vendors to show how DOD can use their devices to collect, store and retrieve the identifiers.
An acquisition strategy and standards should be ready by then, too. By October 2003, the management office will start work on overall policy, and by January 2004, some DOD facilities will have biometric authentication in place.
By 2005, all DOD personnel are supposed to carry biometric-embedded Common Access smart cards for physical and logistical access and in tactical environments. 'There's nothing we can do quickly,' Boutelle said.Standardization
DOD's Biometrics Fusion Center in Bridgeport, W.Va., is testing devices that comply with the Biometric Consortium's BioAPI standard and the Common Biometric Exchange File Format. Devices being tested also must comply with the international X9.84 standard for encrypting finger templates and the X509 standard for uniform digital certificates.
Boutelle said he isn't 'one for standards' but rather 'one for standardization.' If one agency creates a biometric template of a user, another DOD agency should be able to read it, he said: 'I don't want to have to do a different enrollment.'