When the NASA Space Shuttle Columbia imploded 15 minutes before its scheduled landing at the Kennedy Space Center three years ago, government workers from the FBI to the U.S. Forest Service formed a national response team to find its remains in eastern Texas and western Louisiana.
Robert Beck, an EPA contractor with Weston Solutions, led a 200-person contingent to the region on a Saturday afternoon. Their mission: Quickly locate the toxic remains of the shuttle’s equipment.
Back in 2003, contractors like Beck had to report to a disaster response site and sign into a log sheet to allow senior government management to track their arrivals and departures. “Our staffing people spent a lot time tracking the arrival and departure of our team members,” the EPA contractor said.
In a couple of years, the need for first responders to log their credentials with a pen and a piece of paper every day could be easily replaced by the government smart card. According to Jim Lowder, MDI Security Systems’ chief technology officer and vice president of engineering, a smart card could be programmed to track when a first responder like Beck arrived on a disaster scene.
“The smart card of the future could not only alert a senior manager when a person with critical skills arrived on his database, but it could also provide their full resume of skills and expertise,” said Lowder.
“Imagine that two people have to work together for the first time in a crisis situation,” he added. “There’s no time to go over a person’s qualifications in a formal interview. A smart card could lay out critical skill sets for a disaster’s leadership team, so they can assign them to duties commensurate with their skill sets.”
For Beck, one of the biggest problems for his team during the Columbia disaster was finding qualified first responders who had experience using Global Positioning Systems.
Tony Robinson, the Region 6 Director for FEMA, said credentials like this would have helped his team identify the professional capabilities in this disaster. However, he noted during a recent speech at the Fiesta Informacion convention that there was a need for security credentials during the cleanup efforts that followed Hurricane Katrina and Rita.
“This was the first time that we had first responders shot at during their duties,” he said. “There will be a higher security need in the future for a common access card.”
Within the next couple of years, every government employee could also carry similar credentials with comparable capabilities. When President George Bush signed Homeland Security Presidential Directive 12, it mandated the establishment of a standard identification credential for each government and contract worker. Within the next five to ten years, some government marketing security firms anticipate that as many 40 million people will carry a card with these unique credentials.
HSPD-12 will bring together logical and physical access control functions that will benefit the government and its customers. However, it also raises some new challenges.
“This new federal credential provides both physical and logical access on a single credential obligating agencies to address issues that were previously handled by separate functional groups,” said Lowder. “In a few years, the same ID card could provide access to different government agencies at various locations located miles from each other. Furthermore, the credential could be used for identification and skill verification at the federal, state or local level.
“To help agencies like FEMA respond to future disasters, there will be a need for a common security management platforms to unify all of these cards,” he added.
Dave Kovach, director, identify management for Telos Corporation, said the Defense Manpower Data Center has created a common access card (CAC) that has provided standard credential for the military.
“The Air Force has taken the lead on creating a standard card that allows its members to store their Defense Eligibility Enrollment Reporting and other data,” he said.
At MDI, Lowder has been working during the past with the U.S. Marine Corp to design a security management system that allows a Leatherneck to use the same card at various duty assignments.
Once such cards hit full production in the government sector, here are some of the possible benefits for its customers as well as many enterprise operations.
Shorter airport lines: Ever stood in a line at a major airport? A government smart card could verify a person’s characteristics. With the addition of a biometric measuring tool such as a fingerprint or facial scanning, an airport security guard could prove the positive identity of each passenger eliminating the hassle of removing shoes and the belt buckle. European airports are already working towards a standard that combines the biometric with a smart card.
Border crossings: In Europe and Canada, border crossings are tracked with smart cards. In Canada, immigrants crossing into the U.S. have been given a fraudulent smart card that allows both countries to monitor the movement of people. The new Canadian card has been recognized by the International Card Manufacturers Association.
Education: Most universities, high schools and middle schools issue their students ID cards. Some are loading the capability to pay for meals and the use of a school computer system. These same cards could also be used to provide a student access to his or her dormitory.
Financial allocations: The new smart cards can also become a credit card, allowing federal employees to pay for emergency expenditures such as purchasing water and supplies for emergency shelters during Hurricane Rita, Hurricane Katrina and Hurricane Wilma.
Major credit card companies now are conducting beta tests of these cards as alternatives to the more traditional, individual plastic credit cards. According to the Smart Card Alliance, the speed, convenience and control of this payment option resulted in consumers favoring this option. U.S. transit systems and ExxonMobil also have started accepting payments through smart cards.
“Compared to our friends in Europe and Asia, we are far behind them in this capability,” said Jim St. Pierre, president of MDI Systems Federal Group.
“In order for the United States to get up to speed on this, our leadership must agree on a single unified standard,” added St. Pierre, a founding member of the Smart Card Alliance. “We’ll need a technology protocol that is secure, encrypted and not replicable by unauthorized users.”
Medical records: Imagine that a New York resident with allergies to two types of medicine was visiting Chicago and was admitted to an emergency room. By scanning the database of a person’s identification card, a doctor or nurse could learn about those special medical needs. This database could also have a person’s complete medical records including detailed records of surgery. It also could list a person’s blood type, their willingness to donate blood and other critical medical information.
National incident management: The smart card of tomorrow will identify first responders and their qualifications at the site of an incident, so they may move rapidly into, out of, and with an area in a trusted and secure manner. This credential will easily integrate the National Incident Management System when an event warrants the need to quickly identify professional responders from those not authorized into a containment area.
For Beck, the transition to the new credential is most welcome, especially with his firm’s cleanup work in the wake of Hurricane Katrina and Rita.
“We’ve advanced to the point that people can log into a tracking system online, but if there was a way to log people into mobile systems, it would make things better for contractors like me,” he said.
Bruce Mather, the chief technology officer of Onboard Software, said his San Antonio, TX., company is working on an ID card that could store more information than the current CAC cards. “The problem is that the cards that can hold this data are four millimeters in size compared to the .76 mm size of the standard CAC,” he said. “We are working towards shrinking the chip size to make the card smaller.”
Mather said a new card prototype will soon measure at two millimeters, but that the chips needed to make it as thin as the traditional ID cards issued to government workers will be developed within the next 12 to 18 months. V
SIDEBAR 1: Sun Java Card Adds Contactless, Biometry Support
Sun Microsystems of Santa Clara, Calif., just released version 2.2.2 of its Java Card platform specification. It adds contactless capabilities and biometry support for smart card chip manufacturers, smart card vendors and Java Card platform implementation providers to embed into their products. Card issuers such as telecom service providers, payment associations and government IT agencies stand to benefit from the enhanced security and interoperability. Details at www.java.sun.com/javacard.
"The Java Card platform has already seen tremendous success in the GSM telephony markets," noted Lisa Donnan at Sun. "With the new Java Card specification, Sun continues to make strides in developing security technologies for real world applications. U.S. government initiatives such as the PIV project supporting HSPD-12, e-Passport, SAFE and HIPAA which may require enterprises to issue ID cards to employees are good potential Java Card environments."
SIDEBAR 2: Credential Requirements
According to the non-profit Smart Card Alliance, the Presidential directive HSPD-12 requires the federal credential (the PIV card) be secure and reliable, which is defined as a credential that:
- Is issued based on sound criteria for verifying an individual’s identity;
- Is strongly resistant to identity fraud, tampering, counterfeiting and terrorist exploitation;
- Can be rapidly authenticated electronically; and
- Is issued only by providers whose reliability has been established by an official accreditation process.