The military has big plans for AKO. Last year Boutelle and Air Force Lt. Gen. Charles Croom, director of the Defense Information Systems Agency (DISA), decided to expand the AKO into DKO (Defense Knowledge Online) to include all of the services and Defense Department agencies.
The goal is a single portal for the entire military, one that will use an SOA to deliver the AKO services that have already proven themselves, as well as newer collaboration capabilities using IBM’s Sametime suite, which DISA recently licensed to provide amenities such as Web conferencing, white board tools, application sharing, broadcasting, chat, and audio and video capabilities to soldiers.
“[DKO] will also provide a cost reduction across the DoD by leveraging enterprise buying power of the DoD versus each service and agency buying and maintaining separate portals,” says Marvin Wages, deputy chief of the knowledge management division at the Army CIO’s office.
It could take longer than planned for this to happen, however. Initial expectations had the first version of DKO launching this summer, but budget problems, along with the need to ensure that the AKO architecture can scale to the expected number of DKO users, have put the start off to a time yet to be decided.
Raising the bar on access control
Budget problems are also hindering agencies’ efforts to get in line with the HSPD-12 directive.
Issued in August 2004 by President Bush, HSPD-12 requires agencies to issue standard identity credentials, in the form of biometrics-laden smart cards, to their employees and contractors by Oct. 27.
It’s an “inordinately complex” undertaking for most agencies, says Bruce Brody, vice president of information security at Input, a technology analyst firm that focuses on government markets. But the technology issues are probably the easiest concerns to deal with.
That’s because the government can set its own standards. The National Institute of Standards and Technology (NIST) last year published FIPS (Federal Information Processing Standard) 201, which specifies the smart card functions, the interface technologies, and the biometric identification data.
Vendors must ensure that their systems are FIPS 201-compliant before government agencies can even consider buying them.
But the requirements for the identity management systems that will handle card distribution and application of the biometric data for each agency, as well as manage the databases that contain the identity information, are not so clear. And it’s likely they never will be, as these requirements must integrate card management systems, registration systems, a number of different personnel-management systems, and enterprise-level physical and network security access systems that have traditionally been very attuned to individual agencies’ needs.
“The government’s industry partners have wrestled [the technology issues] to the ground,” Brody says. “But it’s the cultural issues and the need for the agencies to find $100 million to do this that are proving problematic.”
The White House has said agencies will not receive any more money to deal with the HSPD-12 mandate, so agencies must find the funds from existing budgets. And program managers at the agencies can’t skimp on what they do, Brody says, because a true enterprise solution means having to deal with all manner of stovepiped legacy systems, involving people as well as technology.
A recent Input study showed that about half of federal government IT managers still don’t have a plan to meet the October deadline.
Beyond security, functions such as secure remote access, SSO (single sign-on), enterprise integration through Web-based interfaces, better agency coordination during emergencies, and better forensic capabilities are all touted as additional advantages not covered by strict HSPD-12 compliance.
“The concern is if agencies just stop at handing out the credentials,” says Randy Vanderhoof, executive director of the Smart Card Alliance. “There’s so much more potential in the new credentials to getting agencies to work together and develop usable solutions.”