How Not to Reinvent the Wheel

September 1, 2010

The federal government is leading the move toward advanced security and identity management solutions. The flashing of an ID card to gain access to a facility and the entering of a password to get on a computer network will soon be replaced with the scanning of a high-tech “smart card” that contains biometric identifiers and that will control both physical and logical (computer system) access.

This, to say the least, is a complicated endeavor. In November 2009, the Federal Chief Information Officers Council and the Federal Enterprise Architecture published the more than 200-page Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance to help direct this effort. A second installment of this document is expected in late 2010.

The success of the federal government’s ICAM project depends in large part on the development of technical standards that maximize the reliability and interoperability of various electronic security devices. As a standards developing organization accredited by the American National Standards Institute, the Security Industry Association (SIA) will likely have a key role in this process.

The SIA standards listed come from the association’s Open Systems Integration and Performance Standards (OSIPS), a family of standards that defines the interfaces to essential components of security systems. Given the importance of both these standards and the FICAM guidelines, SIA has published “Applying OSIPS to ICAM,” a document that illustrates how OSIPS relates to the federal government’s identity management projects.

In short, the document notes that, “OSIPS as a family of standards provides the needed references for acquisition of components of near and future ICAM systems and will materially enhance government’s ability to minimize risks, costs and missteps in its work to improve security throughout its enterprises,” and explains how it can be used to do all of these things.

This is not just about the government, though. The Department of Defense, the Department of Homeland Security and other federal agencies are defining requirements for technologies that, in all likelihood, will be also be used outside of government. The U.S. government is so large, after all, that it would make little sense to reinvent the wheel and establish new standards for the private sector that would require new manufacturing processes and would produce devices that would not be compatible with those at federal facilities. So many of the decisions made today will shape security solutions tomorrow.

All of this makes participation in the standards developing process crucial for stakeholders who do not want others to make decisions for them. We all can help contribute to writing standards that ensure that products are produced that are reliable and interoperable and that meet the market’s needs.

Ronald Hawkins is the communications manager for the Security Industry Association (www.siaonline.org). For more information about SIA or to sign up to receive the Security News Digest, contact him at rhawkins@siaonline.org.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.