November 29, 2016 -
Earlier this year Defense Department CIO Terry Halvorsen said that the agency is working towards replacing the Common Access Card with an “agile,” multi-factor authentication system in the next two years, according to a report by Secure ID News.
Halvorsen said the Common Access Card — a smart card that enables Defense employees to access computer networks and physical facilities — would be replaced by “some combination of behavioral, probably biometric and maybe some personal data information that’s set from individual to individual.”
Some government officials have said that their respective federal agencies have no plans on eliminating the use of their own Common Access Card and the PIV.
This could only occur if HSPD-12, the directive signed by President George W. Bush calling for an interagency standard and interoperable credentia, were repealed, according to government sources.
One unnamed government official said it would take a minimum of two years for any new authentication system to be sufficiently funded.
Another issue is that any behavioral, continuous biometric systems would be required to complete rigorous, time-intensive testing and certification before being adopted by federal agencies.
Although the U.S. government is unlikely to cease the issuance of smart cards in the near future, they will continue to ramp up the use of other authentication methods, including derived credentials on mobile devices that can secure access to data and enable digital signage on documents.
However, one government official said the smart card will continue to be used since no other authentication method can achieve the same level of security and convenience in a desktop work environment.
Another benefit of the smart card is that the more it is used for more applications – both physical and logical – the relative cost of the authentication form depreciates.
Steve Howard, principal at Endeavor Blue LLC, said that while mobile devices will play an increasingly integral role in identity and authentication over the next few years, a significant culture shift is required to completely eliminate the card form factor.
“People are used to seeing the physical badge when you’re walking around,” Howard said. “It’s so ingrained in people that it isn’t going away anytime soon and nothing can replace that.”