[Infowarrior] - DoD plans to bring CAC cards to an end

[Richard Forno]

DoD plans to bring CAC cards to an end

By Jason Miller | @jmillerWFED	June 15, 2016 4:45 am

The Common Access Card has driven the Defense Department’s cybersecurity posture for much of the past 15 years. But the end of the CAC card may be near.

DoD Chief Information Officer Terry Halvorsen said June 14 that he plans to phase out the secure identity card over the next two years.

“We will not eliminate public-key infrastructure. We will not eliminate high security. But frankly, CAC cards are not agile enough to do what we want,” Halvorsen said at the FedForum 2016 sponsored by Brocade in Washington. “We may still use them to get into a building or something, but we will not use them on our information systems. We will use true multi-factor that actually does a couple of things for me — gets me more agile because there is an overhead for CAC cards, not just cost overhead, but a time overhead and in my business it’s a location overhead. It’s really hard to issue a CAC card when people are dropping mortar shells on you and you need to get into your systems. It just doesn’t work well.”

Halvorsen said he’d like to move to a behavior-based approach for network authentication.

“If I structure it right, I could build the behavior pattern of that person’s identity. We can like it or not, but one of the best ways for me to check security is to see if their behavior pattern has deviated. That might not be you anymore,” he said. “So we are looking at maybe, not giving an answer, but some of the things we are thinking about is some combination of behavioral, probably biometric and maybe some personal data information that is set for individuals. There are other thoughts like iris scans. All of those are doable today.”

DoD began issuing CAC cards in 2001, and over the last 15 years the smart identity cards have become the de facto, governmentwide standard for network and system security access control.

The Defense Manpower Data Center says it issued 2.8 million CAC cards last year to uniformed service members, civilian employees and contractors.

Over the last 15 years, DoD has issued more than 20 million CAC cards.

DoD has struggled over the last decade to find the best way to integrate the smart identity cards with mobile devices. But this was the first time a senior official has publicly said it’s time to move off the CAC cards for network access.

Since DoD mandated logical access control in 2006, the Pentagon’s networks have been better protected against typical attacks by hackers, including phishing and other attempts to steal credentials.

< -- >

http://federalnewsradio.com/defense/2016/06/dod-plans-bring-cac-cards-end/

--
It's better to burn out than fade away.