U.S. military developing system with wearable and biometrics for mobile network access
The U.S. Army Combat Capabilities Development Command (CCDC), subordinate agency of Army Futures Command (AFC), is developing a multifactor system with biometrics for identifying and authenticating soldiers in the field and authorizing access to network-based capabilities, Army Recognition reports.
The system in development by the Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance and Reconnaissance (C5ISR) Center operated by the CCDC is based on a lightweight wireless wearable token, which can be held in a pocket or attached to a piece of clothing or a wrist band. When the soldier is in proximity to a networked system, the system would recognize the soldier and prompt him or her to enter a PIN or biometric as a second factor. When the soldier walks out of range of the system, the session is closed and the soldier is logged out.
The new wearable tokens combine public key-based security, similar to that of the Common Access Card (CAC), with cutting edge advances in wireless communications and flexible hybrid electronics, according to Tactical Identity and Access Management Project Lead Ogedi Okwudishu.
“Soldiers should not have to take out a smartcard, insert it into a card reader and then remember to remove the card from the reader when they are done,” says Okwudishu. “Contactless identity tokens are not only easy to use, but they also provide significant cost savings for the Army. You can continue to add authentication capabilities without needing to redesign, or deploy new, tactical hardware to every laptop, server, handheld device or weapon system in the field.”
Meanwhile, the U.S. Defense Information Systems Agency (DISA) has announced it will launch a lab for researchers to test technologies for a pilot program to protect against unauthorized access of Pentagon IT systems with a zero-trust network architecture, Nextgov reports.
The pilot program, a joint project by DISA and U.S. Cyber Command, includes the creation of a framework for continuous monitoring and access checks of different network layers, identity and access management (IAM) tools, and implementing them across the Pentagon, according to the report. The new lab will be located near DISA’s headquarters in Fort Meade.
The Pentagon included zero-trust architecture as part of its digital modernization strategy it announced in July, and DISA Cyber Directorate Acting Director Jason Martin told Nextgov that funds will be available to support the program for the foreseeable future.
The Department of Defense was reported earlier this year to be testing out multiple systems for continuous authentication, and DISA tested multi-biometric chipsets for continuous mobile authentication early in 2019.