DoD, USDA putting secure ID cards to work

Friday - 5/28/2010, 7:12am EDT

By Jason Miller
Executive Editor
Federal News Radio

Homeland Security Presidential Directive-12 is moving out of the issuing stage and into the usage phase.

Almost 90 percent of all federal employees have secure identification cards and, according to agency and industry experts, it's time for agencies to look for ways to make federal buildings and computer networks more secure.

"There will be a demand," says Tony Cieri, a consultant to the Interagency Smart Card Advisory Board (IAB) at the board's monthly meeting in Washington Thursday. "It's time to use these cards."

The Agriculture and Defense departments are doing just that.

Since 2007, DoD has mandated employees use their Common Access Cards (CAC), their version of HSPD-12, to log onto the military's computer networks. It also is implementing physical access security systems that require employees to use their CACs to enter a building or facility.

Now, DoD is in a proof of concept in Salt Lake City where about 122 employees from five federal agencies have linked their secure ID cards with the mass transit system.

"They are riding the light rail, the commuter rail and some 520 buses," says Bob Gilson, a program management analyst at DoD's Defense Manpower Data Center, speaking at the IAB meeting. "In the next three months, we are going to expand that to be able to use van pools, which hasn't been done anywhere before and that will be associated with Hill Air Force Base. We will probably run that for the next 6 or 7 months collectively."

He adds the goals are to show the cards work with the transit system's technology and that DoD can keep track of the money being spent. Right now, DoD is managing the funds manually, but eventually would look to do it electronically.

Gilson says DoD pays transit benefits to employees annually or quarterly and requires employees to come to benefit offices to collect their paper transit cards.

The goal is to automatically add the benefits to the CACs. Washington Headquarters Services, which manages the transit benefits in the D.C. metro areas, already has automated the enrollment process, and next will automate the back-end accounting processing and the uploading of benefits to the SmarTrip cards. Gilson says it may be 2-to-3 years before money is put directly on the CACs.

"Those benefits will save processing time, processing money, people time in terms of having to go to benefits issuing stations quarterly for almost 36,000 people," he says. "We've gotten only positive feedback from all the transit agencies we have talked to across the country. They see the potential, not just with DoD, but with contractors and state and local government employees."

Gilson adds putting transit benefits on CACs also will reduce fraud and abuse.

DoD's former inspector general Thomas Gimble told Congress in 2007 about potential abuses of the Pentagon's transit benefit program.

"Once we migrate to a card that is unique for everybody, then you are not going to be giving it to your friends or neighbors or selling it on eBay," he says. "Right off the bat you can significantly reduce what is innocent fraud by 60-70 percent. Then from that point on, we will be able to continually monitor it and how it's issued and possibly reduce it even more."

DoD also is discussing with banks how military servicemen and women and civilians could use the CACs as debit, ATM or pre-paid credit cards.

USDA, meanwhile, is focusing its efforts internally. For the last five years, the department has been a lead agency in using secure ID cards.

Owen Unangst, USDA's director of Innovations and Operational Architecture, says the agency is upgrading its use of Computer Associates' SiteMinder software to require employees to use their HSPD-12 cards for network and application access.

Unangst, speaking at the IAB meeting, says by July the first four or five applications, including AgLearn and a financial management system, will use the credentials. By March 2011, Unangst says about 59 applications will require the secure ID cards for access.

"We are moving in some cases from 35 different log-ons and passwords to one single credential," he says. "We are using that for the desktops. We are moving in the same way for our 356 Web applications that we have behind E-Authentication. We also are moving that way to have single sign-on for our remote access virtual private network."

USDA also will use the HSPD-12 cards to digitally sign e-mails and other documents, and to encrypt e-mails.