DISA looks to walk the walk on multi-factor authentication
An individual's walking gait will be the first biometric used to continuously authenticate mobile warfighters.
As the Defense Department looks to move beyond two-factor authentication tied to Common Access Cards (CACs), a key challenge is deciding what other authentication factors can be used. According Lt. Gen. Alan Lynn, the director of Defense Information Systems Agency, an individual's walking gait is likely to be the first factor added to the mix.
"Fingerprints and facial recognition are problematic for a warfighter," Lynn said at a Jan. 11 event hosted by AFCEA's Washington, D.C. chapter. Gloves and dirty fingers are a constant challenge in the field, he explained, while goggles or full masks also could complicate authentication. But "you're going to always have … your walk," he said.
Then-Defense Department CIO Terry Halvorsen announced in June 2016 that CAC cards were not agile or secure enough for future needs, and later suggested that DOD would like as many as "15 factors that we would actually check for identity…and any given day, randomized, we would be using five or six of them." Lynn, however, said DISA is working toward a seven-factor suite for continuous multi-factor authentication.
According to video DISA posted in December, those seven authentication factors include GPS location, voice recognition, facial recognition, device orientation, trusted peripherals and trusted networks, in addition to walking gait. Together, Lynn said, such authentication factors are "better than just your credentials -- it's who you are."
DISA currently is evaluating proposals to deliver such gait-based authentication, and Lynn said "that's the first one that's coming out."
He also stressed that the importance of improved mobile authentication extends from the warfighter in the field all the way to the highest ranks of the military command.
DISA already provides the ability for senior officers to be able to view classified data on a commercial mobile device "that we've modified slightly," he said. Drone footage can be shared, for example, so that a decision-maker can authorize a strike in real time.
"Warfighting is happening on mobile devices," Lynn said. "It's pretty cool to watch."