Applying FIPS 201 to aviation security and counter-terrorism information sharing

Published 12 January 2010

Would implementation of PIV-based access control help improve the performance of the intelligence community? One expert wonders whether the fundamental ability of PIV and PIV-I to improve creation, distribution, and access to information is fully appreciated by the U.S. intelligence community and DHS.

President Obama characterized the 2009 Christmas Bomber incident as a failure on the part of the “system” to address a threat. Salvatore D’Agostino of IDmachines writes in Digital ID News that problems with information sharing again play the role of a major villain.

He writes that at IDmachines, they wonder whether the fundamental ability of PIV and PIV-I to improve creation, distribution, and access to information is fully appreciated by the U.S. intelligence community and DHS.

“It is a new decade and one that will clearly see the widespread adoption of PIV and PIV-I credentials across federal, state and local governments and critical infrastructure enterprises,” he writes. By providing a common, trusted, standard, interoperable, high-assurance identity credential, FIPS 201 creates a straightforward path to information sharing.

The Department of Defense uses its version of PIV, known as the Common Access Card, for network log-on among its public key-enabled applications. “Is this true for the widespread intelligence community and the many data sources and individuals who need to network?” D’Agostino asks.

He suggests that it is time to mandate that all intelligence databases and Web sites leverage this standard for access. The PIV Authentication Certificate — which by definition is two factor, certificate plus PIN — and an additional biometric on the credential can be used to authenticate a user to intelligence resources pretty easily.

“The intelligence community, including DHS, needs to make sure that those who need access have these credentials. They need to implement access control that uses them. They need to certify their information technology infrastructure supports PIV and federated access. Information sharing is a fundamental benefit to PIV and is there for the taking with relatively minor investment. And it’s consistent with the federal enterprise architecture,” D’Agostino writes.

Now that it is done, the next logical step is to expand the interoperability to critical infrastructure. By issuing PIV-I credentials to critical infrastructure, the same authentication methods and access control applications, policy and infrastructure could be used by all the sectors involved with the National Infrastructure Protection Plan and the Information Sharing and Analysis Centers.

“Information sharing has to be based on standards for secure, high-availability access using generally available solutions. PIV and PIV-I do this now. Given recent events an emphasis needs to be placed on getting this funded and done as quickly as practical,” he concludes.