Navair pioneering NMCI, smart cards

Naval Air Systems Command's NMCI site

The Naval Air Systems Command, the first organization to implement the Navy Marine Corps Intranet, also will be among the first to implement the Pentagon's newly introduced smart card.

The Common Access Card is based on smart card technology that stores and processes information on an embedded microprocessor chip. It was introduced publicly during a press conference Tuesday in the Pentagon and combines public-key infrastructure technology for network security purposes and personal identification information.

The cards, which are in beta testing now, will become the departmentwide identification card to be used for electronic commerce, access to facilities or networks, creation of digital signatures for e-mail, and storing encryption information. In addition, the cards eventually could include such things as medical and dental information.

"This will go to all of our active duty, reserve, civilians and select contractors," said Bernard Rostker, undersecretary of Defense for personnel and readiness. "It is a card that puts us in the forefront of e-commerce and security with the advent of bar coding and magnetic strips and, for the first time, a smart chip."

Because Navair, Patuxent River, Md., will be the first organization to implement NMCI, a $6.9 billion program awarded last week to Electronic Data Systems Corp., it also will be among the first to receive the Common Access Cards. Computer workstations delivered to Navair as part of the NMCI program will come equipped with readers for the smart cards, according to Pentagon officials.

The computers containing that personal information will be owned and operated by the Defense Department, not by contractors making the cards, Pentagon officials said. The smart card contractors will supply the cards only; the Pentagon will place the information on them.

DOD deputy chief information officer Paul Brubaker and others said it is difficult to determine how long the testing phase will last, but he added that they hope to begin fielding an initial capability in 01/and to issue the cards departmentwide within a couple of years.

The cards also are being tested by several other organizations within DOD, including the office of the assistant secretary of Defense for command, control, communications and intelligence, which is ultimately in charge of both NMCI and the smart card programs. Brubaker described the office's willingness to test the cards as "eating our own dog food."

Beginning this month, the military intends to issue 50,000 cards. The cards hold 32K of memory, 13K of which will be set aside for digital certificates and another 7K for use as each service sees fit. Although the cards will contain some personal information, such as name, rank, serial number and blood type for military personnel, DOD might decide to limit how much information is placed on the cards.

"We're actually trying to dumb down the card a little bit so that when you plug the card in, a computer registry somewhere will tell you information about that person," Brubaker said. "We don't want a lot of that data, even though it's encrypted, to be floating around on a card until we test it."

The program is being conducted jointly with the General Services Administration, and the Pentagon will rely on multiple vendors to encourage competition and a ready supply.