Defense

Halvorsen: Push to ditch CAC cards is moving apace

DOD Common Access Cards 

The Defense Department embraced enterprisewide identity management and authentication long before most civilian agencies did, with Common Access Cards serving as keys to both digital and physical access. So it caused quite a stir in June when DOD CIO Terry Halvorsen announced that the Pentagon was "embarking on a two-year plan to remove CAC cards from our information systems."

Halvorsen reiterated those plans at a Nov. 1 event hosted by FCW's sister publication Defense Systems.

"I've got a group of nations now who've agreed, we've got to have a single identity standard," he said, adding that those nations include Australia, Canada, New Zealand, the United Kingdom and several other NATO partners. "And we've got of have a multi-factor, agreed-upon security measure to ensure that identity."

That agreed-upon standard will not be the CAC card, Halvorsen stressed.  "CAC cards aren't mobile and agile enough," he said. "And frankly, in two years they don't represent the level of security we want.  So we will be doing something else."

Ideally, he said, the U.S. military and its allies will move to a system that incorporates as many as "15 factors that we would actually check for identity…and any given day, randomized, we would be using five or six of them."

Those factors would include biometrics, behavior metrics and probably some data metrics, Halvorsen said. And no one would know which factors were being authenticated for a given login; algorithms would automate the ever-changing combinations.

The department is deliberately not specifying exactly what comes after CACs, however. "Instead of doing a big spec," Halvorsen said, "we basically said, 'Listen, we want to maintain this level security without a CAC card requirement. That is the only requirement.'"

And the early results are promising. "It has been amazing the type of technology that industry brought us…stuff that we would never have thought of," Halvorsen said. "I think that is proving to us internally that this works."

About the Author

Troy K. Schneider is editor-in-chief of FCW and GCN.

Prior to joining 1105 Media in 2012, Schneider was the New America Foundation’s Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company. The founding editor of NationalJournal.com, Schneider also helped launch the political site PoliticsNow.com in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times, WashingtonPost.com, Slate, Politico, National Journal, Governing, and many of the other titles listed above.

Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.

Click here for previous articles by Schneider, or connect with him on Twitter: @troyschneider.


Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.