FULL CONTACTLESS
In September, the U.S. Department of the Interior (DOI) became the first federal agency to successfully implement the government’s new contactless smart card standard, known as the Government Smart Card Interoperability Specification (GSCIS version 2.1). Beginning at its mammoth Washington, D.C. headquarters, the DOI is using contactless smart card technology as a key element in its new physical access control system and will soon begin using the card for logical (computer) access and for a digital signature application. With the new technology in place, the DOI is likely to be the first federal agency to meet the government’s new contactless security and electronic authentication mandates as well.
The DOI’s contactless smart card system is administered by the National Business Center (NBC), an organization within the DOI that centralizes and provides IT, accounting, human resources and security services to the DOI and other government agencies. Dave Mathews, chief of employee and public services at the NBC, has overseen the implementation of the contactless smart card-based access control system developed by Torrance, Calif.-based AMAG Technology. Mathews came to the DOI in 1989, after serving as chief of Health Services at the Drug Enforcement Administration (DEA). While at the DEA, Mathews directed a drug testing program that serviced five agencies. “When I came to the DOI, that number had blossomed to 80,” Mathews says. “We had developed a very efficient system that allowed us to sell our drug testing services to other agencies at a lower cost than they could achieve by doing it themselves. My hope is that other federal agencies will enjoy similar benefits by modeling their [smart card] systems after the one we have and will continue to develop.”
A Tradition of Innovative Solutions
By an act of Congress on March 3, 1849, the new Department of the Interior was tasked with the massive responsibility of mapping, managing and conserving the United States’ vast natural resources. Over its 154-year history, the DOI has had to adapt to radical changes to remain true to its original mission. From homesteads to Indian reservations, from wagon trails to railroads, from mines to dams to oil wells, the DOI has demonstrated time and again its distinctive ability to create innovative solutions to the challenges at hand.
Today, the DOI’s stewardship has grown to include 507 million acres of surface land (one-fifth of the total land in the U.S.); 457 dams; 348 reservoirs; 1.76 billion acres of the Continental Shelf off the Pacific, Atlantic and Gulf coasts; 388 national parks; 540 wildlife refuges and 1,821 endangered or threatened species. The DOI’s $13.4 billion annual budget and staff of more than 70,000 employees and 200,000 volunteers is dwarfed in comparison to the scope of its task. The ratio of its responsibilities to its resources, combined with a history of visionary leadership, has inspired a culture of innovation within the department that has enabled it to do more with less.
The process that culminated in the DOI’s ground-breaking adoption of the government’s standard for contactless smart cards began 10 years ago in the Nevada desert.
The Journey Begins
Bob Donelson has worn many hats over the years — industrial engineer, mental health counselor, mining surveyor, private investigator to name a few. In 1982, a friend who worked at the DOI’s Bureau of Land Management (BLM) recruited Donelson to help troubleshoot two early IT projects. Donelson’s success with these projects caught the attention of BLM management and secured him a full-time position with the bureau. After spending a few years at the BLM’s Washington, D.C., headquarters, Donelson was promoted to the position of business manager of the bureau’s Nevada region.
A defining moment in Donelson’s varied career path came in 1993 when a bomb exploded on the roof of the BLM’s Reno office. No one was injured, but the explosion caused $100,000 in damage. “Security, especially access control, became an immediate concern,” Donelson recalls. “But when I surveyed a variety of access control systems available at the time I found a complete absence of interoperability — everything was proprietary.” Given the typical federal agency’s longevity and scope of operations, the government is uniformly averse to getting locked into proprietary systems that cannot share information with each other and may not be supported in the foreseeable future. A variety of access control and security systems were installed to address Donelson’s immediate security concerns, and he began a search for an interoperable access control solution.
In 1995, Donelson was again promoted and moved back to D.C. The federal government was in the throes of reinventing itself to comply with the National Performance Review directives set by President Clinton. A number of agencies were investigating the efficiencies and complexities related to the use of smart cards. The Department of Defense (DoD), notably the Navy, played a leading role in these early tests, including a massive pilot project in Hawaii. The smart card pilot program, known as the Multi-technology Automated Reader Card (MARC) program, sought to test the application of contact smart cards for both physical and logical security across the entire Pacific Command enterprise. The Navy’s security systems contractor, Crane, was asked to find a physical access control system that could support smart cards. AMAG Technology was tasked with designing one of the world’s first physical access control systems that used smart cards.
“I found out about the Navy’s smart card program and thought I could do something similar to address the BLM’s need for an interoperable access control system,” Donelson says. Over the next few years, Donelson continued his investigation and was involved in a number of projects that tested the viability of smart cards for both security and business applications. While most of the government attention focused on contact technology, Donelson believed that contactless was a better long-term solution, especially because many of his employees were used to using proximity cards. “Early on I became interested in contactless smart card technology, but did not believe in the mid-1990s that it had matured enough to be reliable.”
Putting the Pieces Together
In 1999, Donelson met Anthony Cieri, then manager of the Navy’s Smart Card Program. “[Donelson] was hoping we could provide technical support in implementing a smart card system within the BLM,” Cieri says. Donelson had secured funding through the BLM’s “Smart Office” initiative to conduct a pilot program testing the performance of contactless smart cards for both physical and logical security. The multiple security systems in use at the Reno office were antiquated and costly to maintain, so that’s where Donelson decided to start.
Cieri introduced Donelson to Roy Hayes of Systems Engineering Inc. (SEI), a systems integrator that had been involved in deploying numerous smart card-based access control systems, including the MARC project. Taking their direction from Donelson, Cieri and Hayes began to work on the technical details of this first-of-its-kind project. Cieri recommended using a card that contained both a contact and contactless chip using MIFARE technology. Employees would use the contactless chip to gain access to the facilities and would use the contact chip for computer security measures like digital certificates. To ensure interoperability among the different access control systems the BLM might use in the future, Hayes suggested that Donelson use a government specification for physical access control called “SEIWG.” SEIWG is a 40-digit sequence developed by the Navy for use throughout the federal government. Hayes also recommended an AMAG access control system, as AMAG had experience with SEIWG and smart cards. Since the MARC program years earlier, AMAG had continued to develop versions of the SEIWG-based access control software and hardware that were being used in federal facilities including the Pentagon.
Donelson took the recommendations to Reno and presented them to the BLM staff there. “He wanted to make sure they bought into the new system before going forward,” Hayes recalls. “When they understood that they would be able to get in and out of the building conveniently and that they wouldn’t have to juggle multiple passwords for computer access anymore, the staff was ecstatic.” In fact, by using the smart card with their computers, some workers went from 10 passwords to one. Others cut their workload by 30 percent by reducing the amount of paperwork they had to handle. And there were other savings, too. “The system reduced our ongoing security costs substantially by integrating the security processes previously provided by four different systems,” Donelson says.
Donelson next decided to test the interoperability of the Reno system by installing a similar system in the BLM’s National Training Center in Phoenix. “We wanted to prove that an enterprise-centric access control system was as secure as, but more efficient than, the typical standalone, facility-centric systems used throughout much of the government,” Donelson says.
To simulate the capability of using a centralized cardholder database shared by both locations, Hayes exported the database from the Reno facility and imported it into the new AMAG cardholder database in Phoenix. If the system was interoperable between the two locations, the cards issued in Reno would be recognized when presented to the contactless smart card readers in Phoenix. However, to ensure the security of the facility, Reno cardholders would be unable to gain access unless the Phoenix security personnel granted them site-specific access privileges. Over the course of numerous tests, the system performed as Donelson had envisioned. “The BLM’s Reno-Phoenix test proved the validity of the interoperable contactless model,” Hayes says.
Laying Foundations
In mid-2001, propelled by the success of the pilot projects, Donelson began exploring the possibility of deploying a contactless smart card-based access control system that would include all the facilities within the national BLM — and possibly DOI — enterprise. This enterprise system would share a common database, but allow the regional offices to maintain control of granting access privileges to their facilities. Given the volume of employee travel among the DOI’s hundreds of offices, a centralized, single-card access control system would deliver substantial efficiency and savings. When Donelson shared this concept with peers from other DOI agencies, some expressed a reservation about getting locked into a single-manufacturer system. Also, based on his experiences in Reno and Phoenix, Donelson was not confident that MIFARE provided a completely interoperable format.
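The Reno-Phoenix test and the enterprise model it led to rest on one rule: the shared cardholder database lets every site recognise a card, but only the local site's security staff can grant it access to their doors. The following is an added example, not code from the DOI, SEI or AMAG, that models that rule; card numbers, holder names and door names are constructed, the real SEIWG card-number layout is not modelled, and it goes slightly beyond the page by also refusing a card marked inactive in the shared directory.

```python
# Constructed model of the Reno-Phoenix test described above: a card is
# recognised via the shared cardholder directory, but only a site-local grant
# authorises a door. Card numbers, holders and door names are sample values.
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    GRANT = "grant"
    DENY_UNKNOWN_CARD = "deny: card not in shared directory"
    DENY_INACTIVE = "deny: card marked inactive in shared directory"
    DENY_NO_LOCAL_PRIVILEGE = "deny: recognised, but no privilege at this site"


@dataclass
class Site:
    name: str
    directory: dict = field(default_factory=dict)  # card -> (holder, active)
    grants: dict = field(default_factory=dict)     # card -> doors this site allows
    audit: list = field(default_factory=list)      # (site, card, door, outcome)

    def grant_access(self, card: str, door: str) -> None:
        # Only this site's security staff add local privileges.
        if card not in self.directory:
            raise KeyError(f"{card} is not in the shared directory")
        self.grants.setdefault(card, set()).add(door)

    def present_card(self, card: str, door: str) -> Decision:
        entry = self.directory.get(card)
        if entry is None:
            decision = Decision.DENY_UNKNOWN_CARD
        elif not entry[1]:
            decision = Decision.DENY_INACTIVE
        elif door in self.grants.get(card, set()):
            decision = Decision.GRANT
        else:
            decision = Decision.DENY_NO_LOCAL_PRIVILEGE
        self.audit.append((self.name, card, door, decision.value))  # for review
        return decision


def run_reno_phoenix_test() -> list:
    reno = Site("Reno", {"0001": ("holder-a", True), "0002": ("holder-b", False)})
    reno.grant_access("0001", "reno-lobby")
    phoenix = Site("Phoenix", dict(reno.directory))  # Reno export imported in Phoenix
    results = [phoenix.present_card(c, "phoenix-lobby") for c in ("0001", "9999", "0002")]
    phoenix.grant_access("0001", "phoenix-lobby")  # Phoenix staff grant locally
    results.append(phoenix.present_card("0001", "phoenix-lobby"))
    return results
```

The audit list records every denial with its reason, so "recognised but not granted here" events can be reviewed separately from unknown-card attempts.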
To address these concerns, Donelson decided to submit his plan to the General Services Administration (GSA) and the National Institute of Standards and Technology (NIST). Both organizations agreed to help Donelson develop a specification for the use of contactless smart cards to be used throughout the federal government. The first step was the creation of an inter-agency committee, the Physical Access Interoperability Working Group (PAIWG) that would explore the issue and develop the standards. Donelson was asked to chair the committee.
“We studied what Japan and Europe were doing and they studied our work as there was a lot of international synergy behind our effort,” Donelson says. Ultimately, the PAIWG organization would publish a detailed specification document that would update the government’s earlier contact smart card specification with standards for contactless technology.
In the summer of 2002, while the PAIWG committee was working on its specifications, Cieri and Hayes continued to work out the details of the enterprise contactless smart card-based access control system. Hayes submitted a plan to Donelson and colleague Tiya Darisaw, BLM business management specialist. Hayes created a simulated system at SEI’s demonstration center in Dulles, Va., using an AMAG Enterprise access control system running on several networked computers connected to controller panels and card readers. Upon seeing the system in action, Donelson decided to take his proposal to the DOI. “Partnering with the DOI made a lot of sense because they had their own full-time security staff and were looking to replace their access control system anyway,” Hayes says.
Donelson and Darisaw took their case to DOI headquarters. They met with Mathews; David Vanderweele, NBC physical security specialist; and Steve Hargrave, the DOI’s chief of security. Mathews said, “I couldn’t see us trying to reinvent what [Donelson] had proposed. We knew we had to move to smart cards sooner or later, and we didn’t want to waste time and resources taking an intermediate step. It was a perfect match and we will end up saving ourselves some money in the process.” The BLM-DOI team called Hayes in to do a demonstration. Mathews wanted a closer look, so he spent a day investigating the simulated AMAG Enterprise system at SEI’s demonstration center.
The Race to the Finish
By mid-January 2003, Mathews and his team had approved the installation of the AMAG Enterprise system at DOI headquarters. The PAIWG committee had not yet completed its specifications, but AMAG agreed to implement whatever modifications were necessary to make the system — including the prototype S731 contact and contactless card reader AMAG engineered specifically for the DOI — compliant when the specifications were published. In addition to the headquarters building, the DOI requested that its building across the street and the BLM headquarters be networked to the central server as part of the initial installation. “After the DOI signed off on the system, we discussed when and how the system should be installed,” Hayes says. Due to security risks, the DOI could not allow any parts of the buildings to be disconnected from the access control system during business hours.
Hayes reviewed the situation with SEI’s chief field engineer, Richard Case. “We decided we could install the system, including all three buildings, over Labor Day weekend. That would give us three-and-a-half days,” Hayes says.
He went to work with his engineering team at SEI and with AMAG, developing the framework for the system. In the meantime, Cieri worked with smart card manufacturer Schlumberger and smart card software provider ActivCard to secure the quantity and type of cards the DOI would need for the initial deployment. The cards were supposed to arrive in June, but materials shortages and production problems delayed shipment to mid-August — just two weeks before the system was to be installed. The new cards would have to be issued to 2,300 employees before they left for the long weekend or they would not be able to get in the buildings when they returned. To expedite the card production process, Case exported and cleaned DOI’s cardholder database. SEI then was able to print, encode and deliver all 2,300 cards in a week. This gave Vanderweele’s team just one week to distribute them.
The following Friday afternoon, Case led the SEI engineering team into DOI headquarters to get to work. The team worked through that night and the days following with Vanderweele’s oversight. The existing panels, readers and workstations were removed and replaced with upgraded products. An integrated digital video recording system manufactured by Integral Technologies was also installed to enhance the system’s capabilities. The system networked the three buildings over a virtual private network (VPN), and by Tuesday morning, the new interoperable AMAG Enterprise system and the contactless smart cards that used it were operational.
“I am pleased with the performance of the AMAG system,” Hargrave says. “We are responsible to provide security to over 3,000 employees and other visitors and need to be able to respond to threats, in whatever shape they may take, before they cross our doorstep. The integrated video will help.”
According to Darisaw, the DOI plans to establish a back-up system in Denver and connect the Reno and Phoenix facilities in the near future. San Jose, Calif.-based RFI Communications has retrofitted numerous additional DOI facilities with contactless smart card-based AMAG systems. “The goal is to have all applicable DOI facilities and employees on the system by 2005,” Vanderweele says.