Cybersecurity
“If they come up with a technology solution that doesn’t require a card, that may or may not solve the problem depending on...how difficult it is to deploy”.
FORMER DOD CIOTERI TAKAI
“DOD really led the way from the standpoint of the CAC card in terms of what would be used across the fed- eral government,” she said. “One of the challenges that we faced when I started at DOD was just really even getting the rest of the federal agencies to imple- ment the CAC card.”
Takai said the complexity of deploy- ing the CAC should inform the choice of the next technologies. “If they come up with a technology solution that doesn’t require a card, that may or may not solve the problem depending on...how difficult it is to deploy,” she added.
DOD will also have to consider the extent to which new technologies can be deployed centrally and how and when local control is necessary, Takai said.
Although there are a number of barri- ers to implementing a new identity man- agement solution, she said culture will be less of a problem than it has been with other DOD reforms. “I think folks would love to find a solution that takes a lot less work to deploy than the cur- rent CAC,” she added.
Still, she advised those hoping that DOD will select a solution quickly to be patient and let the evaluation process take its time.
“This is one case where it’s really important to be thoughtful, to get the right solution, and then the time to really worry about a hurry-up is in terms of getting it deployed quickly,” she said. n
and managed by the government,” he said. “Establishing the policy context for federating these types of capabili- ties with mission partners is something we’re already working on.”
Plurilock, one of the companies part- nering with DIUx, produces a behav- ioral biometrics platform designed to quickly learn how each user handles his or her mouse and keyboard and then continuously monitor the user profile to allow system access.
Plurilock CEO Ian Paterson told FCW that DIUx is evaluating the company’s software in a test environment on dif- ferent platforms with a final goal of deploying it on a production, unclas- sified network.
“DOD is using the same product that our financial services clients are using,” said Paterson, who added that the DIUx contract is the first federal deal for the company.
While he could not disclose the terms of the contract, which DIUx awarded in April, Paterson said he expects the project to serve as a stepping-stone for the company to move into more busi- ness with other federal agencies.
Yubico, which already does business with the federal government, has just completed a pilot program with DIUx to test the company’s YubiKey USB authentication device on more than 70 DOD platforms. Jerrod Chong, Yubico’s vice president of solutions, told FCW that his firm’s open-standard device
worked with more than 90 percent of the DOD systems in the test.
“We were quite surprised, and they were quite surprised,” he said of the results. He added that there were some challenges with deploying the device in some combat scenarios, and there were other use cases the firm had not antici- pated from its commercial applications.
Chong said Yubico and DIUx are sort- ing out the details and scope of the next phase of testing, and the company is evaluating back-end configuration changes to make the key compatible with all the devices in use at DOD. Phase two will involve more field-testing of the key in the hands of warfighters, he added.
Learning from CAC’s deployment
Clancy said that regardless of which products DOD ultimately selects, Pen- tagon officials want to ensure flexibility and avoid being tied to any particular solution.
“DOD’s current architecture and governance already facilitate a holistic, end-to-end view of identity, and support flexibility and future-proofing,” he said. “We’re continuing to improve that pro- cess and structure.”
Former DOD CIO Teri Takai said that in addition to making sure what- ever solutions DOD chooses are as forward-looking as possible, the depart- ment must consider the implications of its choices for other federal agencies.
38 August 2017 FCW.COM