The author of this paper, John Boyd, is a key member of the Sonavation Strategic Advisory Board. Mr. Boyd is a distinguished Naval Officer with 30 years of military experience, and served as Director, Defense Biometrics and Forensics for the United States Department of Defense.
Achieving Confidence in the Identification of People across Defense Operations
16 Nov 2015
The concept of Identity affects a range of equities across the U.S. Department of Defense. Some of the equities are decades old, such as physical access to military installations and logical access to computer networks. More recently, in the conflicts in Iraq and Afghanistan, soldiers and Marines faced an enemy who blended in with the local populace. The confidence in which we determine a person’s Identity impacts operational risks—to mission execution, force protection, etc.
It is important to define the term Identity. A recent report by the Center for Naval Analyses proposed the following: “Identity is an entity’s observed and inferred attributes (biometric, physical, biographical, logical, and contextual) sufficient for a potential decision to be made about that entity. The entity may be a person or a non-person entity [such as a wireless device or computer]. Each attribute value has an associated level of certainty (where possible), a provenance, a history, and (when appropriate) an update frequency.”1 The term “Identity” as employed in this article differs from some of its more common uses, such as the association of an individual with certain groups, races, tribes, etc.
The Department of Defense employs Identity across three broad application sets: access, screening, and search. “Access” involves both logical and physical access control, where, typically, an individual asserts an identity and presents one or more attributes (such as a card and PIN) for one-to-one verification to gain a benefit. Screening is typically applied to operations involving one-to-many searches of an individual’s attributes against identifiable information (such as fingerprints or iris images) in one or more databases, without the individual asserting who they are. Screening operations address the characterization of personnel, typically those who are trying to maintain their anonymity, to ascertain derogatory information and determine whether or not they are criminals, terrorists, etc. Search typically involves one-to-one matching operations for specific individuals. These individuals could be a kidnapping victim, a downed pilot, or a specific terrorist.
This brief discussion focuses on the confidence in the verification of people in access control applications. As a senior naval officer on the staff of the Secretary of the Navy (SECNAV) from 2007 to 2010, I engaged the staff of SECNAV’s Chief Information Officer (CIO) on logical access control to Department of the Navy computer networks.
My discussions with the CIO staff led to a deeper understanding of the 2010 Quadrennial Defense Review (QDR), a periodic, legislatively mandated review of Department of Defense strategy and priorities. The analytical sections on computers, logical access, cyber security, and related matters revealed a long list of issues the Department faced (and still faces). More detailed analysis revealed that the top issue was the identification of people logging into computer networks, more specifically the lack of confidence in the identity of people logging into Department networks. The first and essential question concerning cyber is:
“Who exactly is logging onto our networks?”
Based on the QDR and related analyses, Department leaders have recognized that an inability to strongly identify personnel on their networks can fundamentally undermine our cyber security efforts. Our ability to ensure that warfighters, intelligence personnel, purchasing agents, and senior officers receive the correct information in time to make accurate decisions is critical to mission accomplishment. Likewise, it is important that personnel who are not authorized to access certain information are strongly prevented from doing so.
The DoD is currently using a Common Access Card, or CAC, along with a user-supplied PIN, as the means for authenticating individuals in many logical and physical access control applications. The CAC contains template information representing that person’s two index fingers; however, the biometrics are employed for access control by exception, rather than as the rule.
The Pentagon Force Protection Agency (PFPA) recently completed a physical access control pilot leveraging the power of biometrics. The pilot employs two credentials (i.e., iris-at-a-distance biometrics and cards) to more confidently verify personnel asserting their identity for access to the Mark Center in Alexandria, VA. This pilot proved so successful that, as of early 2015, PFPA planned to leave the system in place for continued operation.
The confidence in identifying people affects operational risk to mission effectiveness and security. Operational risk addresses both the likelihood of an event and the consequences of that event on operations. From a force protection perspective, the less confidence we have in identifying personnel entering our installations, the greater the risk we incur. If bad actors enter our installations, they can kill people and blow things up. The U.S. military learned a hard lesson in 2004 when a suicide bomber gained improper access to a forward operating base in Mosul, Iraq and set off a blast, killing 22 people and injuring 72. As a result, the U.S. Army successfully developed and installed a biometric-based physical access control system to more strongly identify people entering overseas installations, which reduced attacks on our troops on base.
From a logical access control perspective, consider the recent breach of millions of personnel records on the Office of Personnel Management network. The loss of so many Identity records of military and government civilians jeopardizes the security of their personally identifiable information, with concomitant increased risk in on-line transactions and the potential for blackmail. Perpetrators could also use the stolen attributes to spoof access control systems, and the applications behind them, so that the systems are fooled into believing that the original person is logging in and using those applications.
As operational risks increase, additional and/or different identity attributes may be justified to more confidently identify people. As the cost of computer breaches and improper access to installations increase, DoD could expand the use of credentials, such as biometrics, to improve the strength of identification, reducing the operational risks to mission execution and force protection.
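Added example (not from the article, and not the DoD, CAC or PFPA system): a small Python matcher that illustrates two points made above, the distinction between one-to-one verification for access and one-to-many search for screening, and the step-up idea of the preceding paragraph, where a higher operational-risk tier demands an additional attribute (here, a biometric) before access is granted. The gallery, the live sample, the thresholds and the risk tiers are all constructed for illustration; the templates are 64-bit bit strings in the style of an iris code and are not real biometric data.

```python
"""Toy identity-matching example: 1:1 verification, 1:N search, risk-tiered step-up.

Everything here is constructed for illustration: the templates are 64-bit
bit strings in the style of an iris code (not real biometric data), the
thresholds are uncalibrated, and the policy tiers are hypothetical.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TEMPLATE_BITS = 64

# Constructed enrollment gallery: subject id -> stored template.
# Unrelated subjects differ in roughly half their bits (bob is alice's complement).
GALLERY: Dict[str, int] = {
    "alice": 0xA5A5_F0F0_C3C3_9999,
    "bob":   0x5A5A_0F0F_3C3C_6666,
    "carol": 0xA5A5_0F0F_C3C3_6666,
}

# Constructed live sample: alice's template with four bits flipped by "sensor noise".
PROBE = GALLERY["alice"] ^ 0xF


def hamming_distance(a: int, b: int, bits: int = TEMPLATE_BITS) -> float:
    """Fraction of differing bits: 0.0 for identical templates, 1.0 for opposites."""
    return bin((a ^ b) & ((1 << bits) - 1)).count("1") / bits


def verify(claimed_id: str, probe: int, gallery: Dict[str, int],
           threshold: float = 0.25) -> bool:
    """Access control (one-to-one): the subject asserts an identity and the live
    sample is compared only with the template stored for that identity."""
    stored = gallery.get(claimed_id)
    if stored is None:
        return False
    return hamming_distance(stored, probe) <= threshold


def search(probe: int, gallery: Dict[str, int],
           threshold: float = 0.25) -> List[Tuple[str, float]]:
    """Screening (one-to-many): no identity is asserted; return every gallery
    entry within the threshold, closest first. A hit is a lead for adjudication,
    not a proof of who the person is."""
    hits = [(sid, hamming_distance(t, probe)) for sid, t in gallery.items()]
    return sorted((h for h in hits if h[1] <= threshold), key=lambda h: h[1])


def expected_false_hit_rate(per_comparison_far: float, gallery_size: int) -> float:
    """Probability that an impostor matches at least one of N enrolled templates.
    Each comparison is an independent chance to false-accept, so 1:N search needs
    a tighter threshold than 1:1 verification as the gallery grows."""
    return 1.0 - (1.0 - per_comparison_far) ** gallery_size


@dataclass(frozen=True)
class Presentation:
    claimed_id: str
    card_ok: bool                 # card authenticated (e.g. its certificate checks out)
    pin_ok: bool                  # PIN accepted by the card
    probe: Optional[int] = None   # live biometric sample, if one was captured


# Hypothetical factor requirements by operational-risk tier.
POLICY: Dict[str, set] = {
    "low":  {"card", "pin"},
    "high": {"card", "pin", "biometric"},
}


def authorize(p: Presentation, risk: str, gallery: Dict[str, int] = GALLERY) -> bool:
    """Grant access only if every factor the risk tier demands is satisfied.
    At the high tier a presentation without a live sample fails, i.e. step-up."""
    satisfied = set()
    if p.card_ok:
        satisfied.add("card")
    if p.pin_ok:
        satisfied.add("pin")
    if p.probe is not None and verify(p.claimed_id, p.probe, gallery):
        satisfied.add("biometric")
    return POLICY[risk] <= satisfied


if __name__ == "__main__":
    print("verify alice:", verify("alice", PROBE, GALLERY))      # True
    print("verify bob:  ", verify("bob", PROBE, GALLERY))        # False
    print("search:      ", search(PROBE, GALLERY))               # [('alice', 0.0625)]
    print("high tier, card+pin only:",
          authorize(Presentation("alice", True, True), "high"))  # False
    print("1:N false-hit rate, FAR 1e-4, N=100000:",
          round(expected_false_hit_rate(1e-4, 100_000), 4))       # close to 1.0
```

Two things worth noticing when running it: `verify` never looks at any template but the claimed identity's, which is why a card that carries its owner's template can do the comparison without a central database, whereas `search` compares against every enrollment, and `expected_false_hit_rate` shows why the same per-comparison false-accept rate that is acceptable for verification becomes near-certain to produce a false hit once the screening gallery is large.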
Another area that demands additional attention is standards. Consistent implementation of effective standards across computer networks ensures more repeatable and reliable identification operations, as well as improved interoperability. Consistent standards for policy development and for the application of business rules will lead to more trustworthy identification operations.
Opportunities to improve confidence in our Identity activities are increasingly available; I will address these in more depth in succeeding articles. Achieving confidence in Identity across Defense Operations is crucial.
John M. Boyd
1 Bruce Behrens, John Clifford, and Christine Hughes, Identity in the Department of Defense (Alexandria, VA: Center for Naval Analyses, 2012), 80.