Government outpaces private sector in 'smart' identity cards

Tuesday - 11/8/2011, 12:23pm EST

Randy Vanderhoof, executive director, Smart Card Alliance

Download mp3

By Jack Moore
Federal News Radio

Federal agencies have made such progress on personal identity verification cards — or PIV cards — that they now mostly lead the private sector in efforts to develop and secure them.

Federal agencies are locking down their buildings and systems with smart cards under HSPD-12, a 2004 directive from the Homeland Security Department setting standards for identity and access cards.

It also turns out, though, that government mandates have paved the way for organizations outside of government to similarly tighten security standards.

Randy Vanderhoof, the executive director of the Smart Card Alliance, told the Federal Drive with Tom Temin and Amy Morris that the government has taken the lead in smart card security standards.

Government took the lead

"The government took the lead back in 2004 with the passage of HSPD-12 to develop a secure, interoperable identity credentialing and access management solution for the federal government ... And now that same technology is being adopted in the commercial world as well, since it's worked so well for the federal government.," Vanderhoof said.

However, it has taken time for the government to actually implement the use of the smart cards, Vanderhoof acknowledged, which he said was because the government has been focused on first issuing the cards — "a not insignificant task," he said.

Now, the government is about 95 percent done with that step, he said, and ready to focus on implementing access-control systems and internal security systems for networks.

However, it's not necessarily a straight line from the government using the cards to the private sector doing so.

"I think the federal government designed a set of specifications that had to meet their unique needs," Vanderhoof said, pointing to the need for greater interoperability that would allow the cards to work across all sectors of the government. He cited the example of a Defense Department employee being able to access secure facilities at the State Department.

However, interoperability is not necessarily as strong of a requirement for a commercial buyer, he noted.

The end goal of the use of such smart cards is the ability to use a single card for both physical access — swiping in and out of federal buildings — and virtual access to computer networks.

Upward tend

What has not quite happened yet is a complete merging of the two sides of the security industry.

"It's taken a while for the physical access side of the security industry and the computer or IT side of the industry to begin to work together on a common identity credential platform and then a common security implementation that addresses the need for both accessing the facilities as well as accessing the information within those facilities," Vanderhoof said.

Nevertheless, Vanderhoof said the use of PIV cards is "a trend upward," he said.

The heightened awareness of and growing sophistication of cyber threats has only made secure ID cards more attractive for both government and commercial customers.

"This is really a need for the security industry to step up its game and to come up with ways to not only address the problem today but put a platform in place that three years from now, five years from now — when we have even more sophisticated attacks — we have better defenses to prevent that from happening."

RELATED STORIES:

Exclusive: DHS mandates HSPD-12 card use

Agencies using HSPD-12 as 'glorified ID cards'