DISA looks to walk the walk on multi-factor authentication
As the Defense Department looks to move beyond two-factor authentication tied to Common Access Cards (CACs), a key challenge is deciding what other authentication factors can be used. According Lt. Gen. Alan Lynn, the director of Defense Information Systems Agency, an individual's walking gait is likely to be the first factor added to the mix.
"Fingerprints and facial recognition are problematic for a warfighter," Lynn said at a Jan. 11 event hosted by AFCEA's Washington, D.C. chapter. Gloves and dirty fingers are a constant challenge in the field, he explained, while goggles or full masks also could complicate authentication. But "you're going to always have … your walk," he said.
Then-Defense Department CIO Terry Halvorsen announced in June 2016 that CAC cards were not agile or secure enough for future needs, and later suggested that DOD would like as many as "15 factors that we would actually check for identity…and any given day, randomized, we would be using five or six of them." Lynn, however, said DISA is working toward a seven-factor suite for continuous multi-factor authentication.
According to video DISA posted in December, those seven authentication factors include GPS location, voice recognition, facial recognition, device orientation, trusted peripherals and trusted networks, in addition to walking gait. Together, Lynn said, such authentication factors are "better than just your credentials -- it's who you are."
DISA currently is evaluating proposals to deliver such gait-based authentication, and Lynn said "that's the first one that's coming out."
He also stressed that the importance of improved mobile authentication extends from the warfighter in the field all the way to the highest ranks of the military command.
DISA already provides the ability for senior officers to be able to view classified data on a commercial mobile device "that we've modified slightly," he said. Drone footage can be shared, for example, so that a decision-maker can authorize a strike in real time.
"Warfighting is happening on mobile devices," Lynn said. "It's pretty cool to watch."
Troy K. Schneider is editor-in-chief of FCW and GCN, as well as General Manager of Public Sector 360.
Prior to joining 1105 Media in 2012, Schneider was the New America Foundation’s Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company. The founding editor of NationalJournal.com, Schneider also helped launch the political site PoliticsNow.com in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times, WashingtonPost.com, Slate, Politico, National Journal, Governing, and many of the other titles listed above.
Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.
Click here for previous articles by Schneider, or connect with him on Twitter: @troyschneider.