Group wants to integrate physical, IT security

SAN FRANCISCO'Physical and IT security traditionally have been stovepipe processes, with little communication between the products used on each side.

The Open Security Exchange, a year-old industry group, is developing interoperability standards with an eye toward tearing down those pipes.

'We are all about developing standards to bridge the gap between IT and traditional physical security technology,' said OSE director Eric Maurice. 'We've had a very interesting first year.'

Formation of OSE was announced at last year's RSA Security Conference by Computer Associates International Inc.; GemPlus Card International Corp. of Gaithersburg, Md.; HID Corp. of Irvine, Calif.; and Tyco International Ltd.'s Fire & Security Software house.

The group has since completed specifications for its Physical Security Bridge to IT Security, and submitted them to the Security Industry Association for adoption as part of its Open Systems Integration and Performance Standards initiative. OSIPS is a cooperative effort between SIA and the Counter-Terrorism Technical Support Office of the departments of Defense and State.

At this year's conference, OSE is announcing a partnership with the Liberty Alliance to develop new standards for wireless authentication. The Liberty Alliance Project is a coalition of 160 government and commercial organizations, including the General Services Administration and DOD, focused on identity management.

Identity management, particularly for remote users accessing commercial and government services, is a growing issue, said Maurice, who also is director of CA's eTrust brand unit.

'It's a problem we are facing,' he said. 'How do you ensure who the people you are dealing with are?'

Cell phones use Subscriber Identity Module cards, small smart cards that ID a phone's user to a network. 'We are collaborating on defining standards for portable SIM card authentication' that would let wireless devices be used for physical security access and to authorize payments, Maurice said.

OSE also expects to release within a few weeks a white paper on credentials management and smart cards. Adoption of smart cards has been slowed by a lack of interoperability, Maurice said.

'There has been a lot of confusion about smart card technology and the different standards,' he said. 'There were expectations that the cards would work together,' but they do not.

The paper will lay out guidelines for choosing the proper technology, depending on the user's needs, with information on applicable standards for physical and IT security.

About the Author

William Jackson is a Maryland-based freelance writer.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected