Experts say culture hinders single smart card

The technology exists to create a governmentwide smart card program, but cultural issues and a lack of top-level management support stand in the way of implementation, experts testified today.

A single government smart card is possible, but managerial and policy differences create difficulties, said Joel Willemssen, managing director of information technology issues at the General Accounting Office.

"It would probably be very difficult to standardize it from a management and policy perspective," Willemssen testified today at a hearing of the House Government Reform subcommittee on technology, information policy, intergovernmental relations and the census.

Agencies have different security clearances and access controls. GAO identified 62 smart card initiatives in varying stages at 18 agencies, Willemssen said. One of the next steps, he said, is establishing a governmentwide employee credentialing policy to streamline employee clearances.

"Once you set that policy, then the technology can follow," he said.

Introducing smart cards for physical access or systems access is often met with hesitation, said Sandra Bates, commissioner of the General Services Administration's Federal Technology Services.

"We've identified that the technology's there," Bates told subcommittee chairman Rep. Adam Putnam (R-Fla.). "We're also talking now about a cultural change, and there are barriers. It's gaining acceptance and top management support."

Obtaining the resources for infrastructure and software is also a major challenge, Willemssen said. The costs can be high, particularly if biometrics and public key infrastructure technologies are included, he said.

Ken Scheflen, director of the Defense Department's Defense Manpower Data Center, agreed. "The infrastructure costs and enabling technologies are the hard part because you really have to change the way people do business," he said.

The Defense Department completed the roll out of the infrastructure for its smart card program in July. The program, Common Access Card, is the most advanced smart card program in the world and can serve as a model for other agencies, Scheflen said.

The government needs smart card standards for interagency interoperability, experts said. The standards would outline the common features of each card, then agencies could add capabilities, Bates said. "Some agencies will always have unique requirements and traits, and that's OK, but you have to have a baseline," she said.

GSA and the National Institute of Standards and Technology have taken steps to create those standards. NIST officials have published two versions of their smart card specifications and are working with agencies and industry partners on program requirements. Similarly, GSA established an Interagency Advisory Board, including NIST and other agencies, to refine the specifications. They also awarded a smart card contract in May 2000 to five vendors to provide smart card services across the government based on these standards.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.