Wennergren to chair DOD identity management group
- By Susan M. Menke
- Mar 18, 2004
'Feel proud,' Navy CIO David M. Wennergren told the Biometrics Symposium 2004 today at Fort Lesley J. McNair in Washington. 'We have 4 million Defense Department digital credentials on the Common Access Card today.'
If DOD had 50 or 60 different public-key infrastructures 'as we might have had a few years ago, we wouldn't be in the same position,' Wennergren said. 'I can use my CAC to get in the building, log on to the Navy-Marine Corps Intranet, launch secure Web sites, digitally sign transactions and collaborate securely.'
Not all 4 million CAC holders are using it for so many purposes or even want to, he said, and that's all right with him as the new chairman of the DOD Identity Management Senior Coordinating Group, which will begin meeting in April.
'Initiatives that touch people's lives are real change challenges,' he said. 'There are strong opinions and passions.' It would be 'absolutely wrong to set up an agency to issue national ID cards,' he said. 'But by cross-credentialing PKIs with smart cards, you can get the same effect' while maintaining privacy and security.
'You have to find the right breakpoint for IT investments that need to be done corporately by DOD' instead of letting individual organizations make their own authentication choices, he said. 'PKI and biometrics don't solve the same problems. You've got to be very clear' about digital certificates, which replace passwords, and biometric authentication, which advances far beyond the personal identification number.
'The Fortezza card was strong security,' he said. 'But we built it ourselves and had to solve all the problems ourselves.' The CAC, in contrast, follows industry standards.
The coordinating group, Wennergren said, has several tasks:
- Improve CAC certificate revocation procedures. 'A million new ones are issued each year,' he said.
- Aim for business-oriented results to eliminate duplication
- Set standards for measuring the results
- Insist on interoperability and 'full-dimensional protection' that prevents ID theft but also maintains individual privacy.