US government biometric smart-card deadline looms

IT security and smart-card vendors are looking at the directive as a boon to business

Many U.S. agencies are "on track" to meet a Friday deadline to begin issuing smart identification cards, although the U.S. government is not giving out the specific number of agencies likely to be in compliance.

Agencies are in the process of preparing to comply with U.S. President George Bush's Homeland Security Presidential Directive 12 (HSPD-12), said Andrea Wuebker, deputy press secretary at the White House Office of Management and Budget (OMB), on Thursday. To meet the deadline, agencies must have technology in place to issue smart cards to employees and contractors, but they aren't required to have issued a large number of cards.

"Homeland security is a top priority for this administration, and the Homeland Security Presidential Directive will help increase the level of protection at our federal facilities and for our federal employees and contractors," she said by e-mail.

While OMB didn't provide specific numbers, Tom Greco, vice president for enabling infrastructures for IT security vendor Cybertrust, said Thursday he expects about 80 percent of U.S. agencies to meet the deadline. Most agencies are working through contracts managed by the U.S. General Services Administration or the U.S. Department of Interior, and those are "well on their way to being compliant," he said.

As some agencies apparently rush to meet the deadline, IT security and smart-card vendors are looking at the directive as a boon to business. While many agencies will initially use the cards for physical access to buildings, and perhaps access to computers and networks, vendors predict that agencies will use the cards for a variety of functions, including encrypting data, authenticating e-mail senders, identifying beneficiaries of government worker benefits and even paying for transactions as a debit card.

The Stanford Group Co., a research analysis firm, predicted in July that HSPD-12 spending would be about US$1.3 billion over five years.

"The people at the agencies realize the task ahead of them is a multiyear task," said Greco, whose company has worked with the Department of Veterans Affairs and other agencies on HSPD-12.

Compliance with HSPD-12 will lead agencies to issue millions of smart cards with multiple uses, and the convenience the government cards offer will lead to private companies such as credit card vendors issuing their own multi-use cards, predicted Jason Hart, chief executive officer at ActivIdentity Corp., which announced this week that the Department of Defense and Transportation Security Administration have purchased its smart-card issuing software.

More than 50 million government cards could eventually be issued, he said. HSPD-12 will kick off an "evolution of ID," he said.

But Michael Gibbons, vice president of federal security solutions at Unisys Corp., said Friday's deadline is a small step toward the potential of smart ID cards. Some agencies will miss the deadline, because the directive didn't allocate additional funding for smart-card systems.

HSPD-12 doesn't require the cards to be used for network access or many of the other functions vendors are pitching, he added. "This is such as enabling technology, and right now, there's no decision about its potential use," he said. "The good news is it's going to let you in the front door."

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies