Interior gets smart about security

The Interior Department's Bureau of Land Management has embarked on an ambitious plan to equip its 13,000 employees with smart identification cards.

The cards will provide access to the bureau's buildings and computer systems. BLM, which is responsible for managing more than 260 million acres of public land, has offices nationwide and its information technology infrastructure is highly dispersed.

The bureau and other Interior agencies have taken heat for a lack of network protection as part of a class-action lawsuit against the department. U.S. District Judge Royce Lamberth ordered Interior to disconnect from the Internet in December 2001 after a computer security firm was able to break into its systems.

BLM, which was allowed to go back online a year ago, hopes to strengthen its defenses with smart cards.

"Exposure to risks or exposure to liabilities regarding IT security will be minimized," said Bob Donelson, the agency's senior property management specialist. "It's basically a one-stop ID process," he said, describing the cards as easy to use and more secure.

BLM first turned to smart cards as a physical security solution — an effort enhanced after the Sept. 11, 2001, terrorist attacks — and later determined that adding logical access would bolster its business case, Donelson said.

Last year, the bureau launched a pilot project with 1,000 users at a BLM site in Nevada. The response was so positive that officials decided to go ahead with a full-scale deployment sooner than planned. Some workers went from 10 passwords to one; others cut their workload by 30 percent by reducing the amount of paperwork they had to handle.

"Our managers and employees created an expectation," Donelson said. The change in schedule was "customer- driven."

BLM is building its program on the platform used for the Defense Department's Common Access Card, the standard identification for the uniformed services, officials said. The CAC is embedded with a digital certificate that facilitates secure communications departmentwide. Digital certificates are electronic documents that contain information that helps verify an individual's identity.

For the certificate component of its program, BLM selected an integrated solution from VeriSign Inc. that relies on the company's managed public-key infrastructure. The managed PKI system encrypts, decrypts, signs and verifies the authenticity of information transmitted via the Internet. VeriSign's PKI is interoperable with the Federal Bridge Certification Authority, which was designed to link agencies and allow them to exchange data securely.

BLM's cards will store the certificates, which will give users access to several applications, including encrypted e-mail, authenticated Web portal access and digital signatures.

"I think the key benefit is much tighter control of access to their computer systems," said Barry Leffew, vice president of VeriSign's public-sector group.

In addition to security concerns, a driving force behind the initiative is the Government Paperwork Elimination Act's mandate that agencies must offer digital forms and accept electronic signatures by October.

BLM is slated to move more than 400 forms to the Web this year, Donelson said. In so doing, the agency will save money and make a quick return on investment for the smart card program, which received no special funding, he added.

Outsiders have taken note. Among civilian agencies, "BLM seems to be at the lead in terms of using smart cards with digital certificates," Leffew said. "We're seeing a number of pilots. Many agencies are watching this [program] in particular."

Bureau officials expect to issue the cards to all employees by the end of 2004.

***

Feds get carded

The Interior Department's Bureau of Land Management has decided to move forward on a smart identification card program after completing a pilot project.

BLM is not alone. Other civilian agencies that have begun testing or using the technology include:

* The State Department, which began distributing smart cards to employees last year for entry to its U.S. offices.

* The Transportation Security Administration, which has two regional pilot projects in the works for its Transportation Worker Identification Credential System that will provide employees at airports, ports, railways and other locations with secure access to buildings and systems.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.