Meeting Of The Minds

To bolster physical security while boosting government efficiency, U.S. federal agencies are starting to use a newly revamped smart card architecture known as the Government Smart Card-Interoperability Specification (GSC-IS) 2.0.

Four linchpins of government — the Dept. of Defense (DoD), State Dept., Treasury Dept., and General Services Administration (GSA) — plan to demonstrate its interoperability by the end of this year, through the newly-created Interagency Interoperability Task Force (IITF).

GSC-IS was first developed by the National Institute of Standards and Technology (NIST) in 2000, and GSC 2.0, released in early 2003, is the first update to the original standard. “The purpose of the IITF is to demonstrate smart card interoperability across agencies,” says Lolie Kull, a senior security specialist at the State Dept., who also serves as IITF chair.

Despite the new interoperability architecture, though, federal agencies will still be able to set their own policies about everything from clearance levels to biometric identifiers. A DoD employee, for example, wouldn’t be able to access State Dept. facilities without the proper clearances, even with all agencies’ cards and readers adhering to the same interoperability standard. Employees holding clearances with multiple agencies will only need to carry a single card, rather than a pocketful.

“We have 20 different agencies at some of our embassies,” Kull noted in a May speech at the CardTech/SecurTech (CTST) Conference and Exposition in Orlando, Fla.

Employee convenience is hardly the lone reason for the government’s interest in smart card interoperability. In a report submitted to Congress in January, the General Accounting Office (GAO) said that, as of November 2002, 18 different federal agencies had initiated a total of 62 smart card implementations. In a set of recommendations stemming from the report, the GAO called for interoperability across government smart card systems. “Developing standards to ensure that smart cards, card readers and related technologies such as biomerics can interoperate across government will be critical to realizing the benefits that could be achieved by investments in such technologies,” the report says.

The U.S. government’s upcoming IITF interoperability demo will incorporate several types of equipment for physical access control, including tokens (access cards), readers, access control system (ACS) panels and ACS headends. IITF deals only with the use of smart cards for accessing doors and other physical entrances, as opposed to securing access to computer networks.

“We need to make sure physical access becomes the first step. It hasn’t been, up to now. If you’re going to protect your physical infrastructure, you’ve got to protect your front door,” Kull says.

The four participating federal agencies, however, are at different levels of deployment. As of July, all four already had smart cards on hand. But Kull says that only the GSA and the State Dept. have card readers available.

At CTST, Kull explained that the IITF plan of action includes preliminary steps before demonstrating the systems that include:

• gaining agreement from agencies to place SEIWG (Security Equipment Integration Working Group, a standard for storing data about individual card holders) data in accessible physical container/applets;

• determining an authentication method for ensuring trust between agencies;

• defining enrollment equipment that may need to be purchased for the demonstration; and

• involving and educating agencies’ physical access offices.

As of mid-July, the DoD was still awaiting the readiness of SEIWG container technology for use in the demo. “We’re now hoping to do an interoperability demo in late August or early September,” Kull says. “We might do things in stages, though. We could start out by doing a demo here at the State Dept., for example, using our readers.”

In her talk at CTST, Kull dubbed physical access “the missing piece” in smart card development.

IITF participation isn’t limited to the DoD, State Dept., Treasury and GSA, however. “Any federal agency with (smart) cards is welcome to join,” Kull said.