With encryption effort, Education built on others' work

The Education Department is the first agency to use the government’s new Personal Identity Verification smart identification card for signing on to laptops and decrypting data on their hard drives. But the department did not tackle the challenge alone. Agencies don't need to reinvent the wheel for every information technology program, said Phillip Loranger, the department's chief information security officer.

When faced with a challenging program, “look around and see what the rest of the country is doing,” Loranger said. “The chances are some people already are doing a part of what you are trying to do. There are very few programs that are doing something that nobody else has done before.”

Education put together a team of department and vendor personnel to design its new system to protect sensitive data on mobile devices with full-disk encryption. They found others who already were working with PGP encryption, PIV cards and Microsoft’s Active Directory. “But nobody had done all three,” Loranger said. However, their individual experiences helped in integrating those elements.

PGP found that although it is not difficult to write interfaces for smart-card drivers, testing a system to work with all available drivers is a challenge. Nothing works out of the box in the complex environment created by smart cards and readers provided by different manufacturers, said company CEO Phillip Dunkelberger.

Even when the environment is not complex, the result must be easy to use and must benefit both users and administrators if it is to be effective.

“The security guy can’t do it by himself,” Loranger said. “He has to use the [chief information officer's] infrastructure, so he has to know the business case and the return on investment going in.”

About the Author

William Jackson is a Maryland-based freelance writer.
