The Defense Department is still testing the use of biometric devices for improving its identity, credential and access management (ICAM). Right now, there are two prototypes, one with about 50 hardware-based devices out in the field, gathering different contextual factors about the users and their interaction with the device. The other one, with another 50 devices, is taking additional information on how users are interacting with them.
The information itself differs.
“The way that we’ve approached this is it’s not a singular thing,” says Steve Wallace, System Innovation Scientist with the Defense Information Systems Agency.
He explained how the research is not limited to just fingerprints and facial recognition. Instead, the information is merged together to create a singular score.
“That score will decay overtime depending on how many factors are being triggered at any given time,” Wallace said.
Researchers can then worked the model created to decide which biometrics would have more value.
“The death of the CAC is greatly exaggerated”
Currently, military and civilian DoD employees use Common Access Cards (CAC) at their place of work. The Pentagon’s research in the biometrics field has led many to speculate that the purpose is to replace CAC with new technologies. However, Wallace and other officials have made it abundantly clear that CAC is not going anywhere for the time being.
“We aren’t looking to actually replace the CAC,” he said.
DOD is actually looking for an ICAM device that is not “point in time.” Meaning a device remains unlocked for as long as a user session remains open after inserting their CAC.
“What we’re looking for is something that is constant and continuous, but in the background and not invasive to the user’s experience,” Wallace said.
That way, if there is one factor that does not seem right; the device can then ask the user to reauthenticate. Wallace says DISA even ran a pilot test, which watched how a user interacted with their keyboard and a mouse. “You could challenge them if you saw something that was outside of the model.”
So for the moment, it appears the Pentagon is looking for a supplement to CAC rather than its replacement.
Applying artificial intelligence to biometric devices
Biometric technology is not the only new tool the Defense Department is looking to use to update its ICAM strategy. Wallace says artificial intelligence and zero trust are also evolving DoD’s identity management processes. Many of the new methods DoD is researching around assured identity leverage some level of machine learning and AI, as well as zero trust.
It is not as simple as applying those technologies to ICAM though.
“Zero trust is not a singular technology,” Wallace said. “It’s a number of principles that if we adhere to we get a stronger network.”
DoD is working its industry partners on filling security gaps.
Biometrics are here to stay
Wallace says the department’s future with biometrics technology will be all about getting smaller.
“We started with the cellphone, but the reality is we know that’s not the end game, we want to get the wearable, we want to get smaller than that,” he said.
As DoD goes to a model that is more continuous, those will be the technologies needed to bring it together according to Wallace. The next factor they are looking at is not even about identifying humans, but other systems. Mainly, the next question DISA researchers are trying to answer is, “How do we take a lot of these same models and apply them to non-person entities in a network, and make sure their identifying themselves properly?”
Overall, Wallace painted a bright picture for the future of the department’s further use of biometrics.
“I’m very excited about where we’re going and the things we’re seeing emerge.”