Subscribe to the Free Print Edition!
Celebrating 25 Years

GCN Home > 01/23/06 issue

ID management gets physical

By Brad Grimes, GCN Staff

Last November, a revised document from an interagency working group laid out the following scenario, illustrating one of the biggest technical challenges for agencies complying with Homeland Security Presidential Directive-12: A government employee receives a smart card that lets him into his building. Eventually, he’s assigned to a project in another state and needs access to that facility using the same ID. Then his work takes him to a separate agency where, with proper authorization, his card should allow him through that door, too.

But today, that can’t happen. And making it happen will be a significant undertaking, one that will require careful planning, wholesale infrastructure upgrades and changes in the way agencies manage security.

The Physical Access Interagency Interoperability Working Group has prepared Technical Implementation Guidance: Smart Card Enabled Physical Access Control Systems. The document should help agencies integrate what has commonly been the quintessential stovepipe system—building access security—with an overall personal identity verification architecture that bridges physical- and logical-access control within and among disparate agencies.

“PIV is going to do a lot for pushing [smart-card] technology forward and getting the physical-access guys to come on board,” said Mike Butler, chief of smart-card programs in the Defense Department’s Common Access Card Office.

Perhaps the first and most basic challenge facing agencies is the fact that physical-access control systems are islands unto themselves. Physical security usually is handled by a different group—trained in “guns and badges,” as experts describe it—from the people who handle information technology.

Physical-access control systems will have to become network-based if they’re to deliver on the promise of HSPD-12.

“More and more IT departments are getting involved with these systems,” said Michael Regelski, vice president of engineering at Lenel Systems Inter- national Inc. of Rochester, N.Y.

Lenel has worked on physical security for various agencies, including NASA, which Regelski says is furthest along in integrating physical- and logical-access control.

But if it comes down to a turf battle, the need to keep bad guys out of a building could trump smart-card access to network resources.

“Between the physical and the IT organizations, the ones who have the upper hand in many agencies are the physical, because they have the authority to issue badges today,” said Jeremy Grant, vice president for enterprise solutions for Maximus Inc. of Reston, Va. “As a result, a lot of agencies are really looking at logical access only as an application that can be supported on the card.”

More news on related topics: Authentication / Identity Management, Identity Management, Management, IT Management



GCN Popup