Defense

DOD IT is killing CACs

DOD Common Access Cards

The military is ditching the computer Common Access Card reader.

"We are embarking on a two-year plan to eliminate CAC cards from our information systems," Defense Department CIO Terry Halvorsen said at a June 14 event sponsored by FedScoop and Brocade.

"Frankly, CAC cards are not agile enough," Halvorsen said, noting, "It is really hard to get you a CAC card when people are dropping mortar shells on you and you need to get into your system. That doesn't work."

Halvorsen said the Pentagon will be looking to move to a new hybrid user authentication model, "true multi-factor," that will combine biometric, behavioral analytics and passwords.

He said Pentagon officials will be working with NATO allies to develop a standard authentication process, so that NATO forces can better share IT functions.

CACs may still have a role for things like building access, Halvorsen added. The CAC announcement was one of several bits of news the DOD CIO dropped in his appearance.

Halvorsen also promised a new data center closure panel, made up of government and industry members, which will choose one of the Pentagon's top 50 data centers to close and determine where to route the homeless data. He also teased a DOD move to an "on-prem cloud-based system that will include hybrid cloud and public cloud." That formal announcement will come this summer, he said.

For contractors in the audience, Halvorsen sought to recast the traditional Pentagon-vendor relationship. Given constrained defense budgets, Halvorsen said, industry can't pitch projects that cost the Pentagon $100 million up front and will pay off only after several years

"You're going to have to share in that investment, and [then] share in the return," he told vendors, indicating a desire for creative arrangements.

Another ask: completely autonomous cybersecurity tools. With the lightning speed of digital attacks, Halvorsen said, "I can't have people in that loop" of breach response.

The DOD process of certifying commercial technology is "completely broken," Halvorsen also noted, echoing earlier comments. He expects to be able to offer larger, trusted firms some level of self-certification.  

"All of the upcoming changes will require close partnerships between the military and industry," Halvorsen added, and it will all need to happen as systems stay up and running.

"Unfortunately my business is growing: we're deployed everywhere," he said.

About the Author

Zach Noble is a former FCW staff writer.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.