The Defense Department is still on track to begin phasing in over-the-air mobile derived credentials this summer; however, the department and other agencies are looking further into the future for more creative ways of verifying the identity of their employees as they access government networks.
DoD’s mobility and public key identification program offices have been creating training materials, workflow processes and other preliminaries in place for iPhone, Android and Windows devices this summer.
The roll out will begin with Apple products.
“We do have a phased approach that we are using,” said Kimberly Rice, mobility portfolio manager for the DoD Portfolio Management Office during an April 15 speech. “I think many of you have heard of the [Defense Information Systems Agency] first program, where we make sure that DISA eats its own dog food. Make sure the capability works first before we deploy it across the department.”
Rice said she has had a huge reaction to the program and many people are anxious to use it.
DoD is currently conducting a pilot program that is not over-the-air, but uses credentials put into devices so that senior users in particular can access Common Access Card (CAC) sites and use encrypted email, Rice said at an AFCEA event in Vienna, Virginia.
DoD is now working with services on the over-the-air scheduling and phasing.
Rice said the technical solution is the easier piece. The processes and flows for figuring out how each of the services will get the program set up at an enterprise level will be a bigger challenge.
“We want to make sure we don’t burden the services with an unexpected cost or push a capability that may not be ready for primetime yet,” Rice said.
Rice said DoD needs to get past the CAC and start thinking about meeting authentication requirements. The department is looking to industry for that.
One thing the department and the CIA are interested in is biometrics, using physically individual identifiable traits of workers as ways to authenticate.
Michael Mestrovich, deputy director of the CIA’s Technical Services Office, said the government is looking into Bluetooth technologies like Fitbit for that purpose.
“They measure your breaths per minute, they can measure your pulse, they can give you an electrocardiogram, so they can pretty well, within a pretty good error rate determine from your biometrics how you actually are breathing and how blood is flowing through your brain that you are who you said you are,” he said.
Mestrovich said that information can be used as a credential and authenticate access.
Of course, DoD has not secured Bluetooth, which makes it hard for it to implement those technologies.
Mestrovich said that will be the next frontier for DoD credential development.