 |
 |
 |
 |
March 2007 • Volume 12 Number 3
|
 |
|
Member Profile: BearingPoint
Within the Federal and Defense arena, Mr. Hannah has identity management operations and program management experience with the DoD (including DMDC, BMO, WHS, Navy, Army, Air Force, and Marine Corps), DHS (TSA), State Department, GSA, GAO, MoD UK, and DfEE UK. As the Program Manager for the TSA Transportation Worker Identification Credential, he fielded an operational, nationwide end-to-end identity management and biometric credentialing system just 96 days after contract award. As Project Manager for the Department of Defense Common Access Biometric Working Group, he performed a series of smart card, biometric, and cryptographic technology evaluations to evaluate how DoD might deploy biometric technologies in conjunction with their Common Access Card. He also helped the Department of Defense Defense Manpower Data Center receive international recognition for their award winning Common Access Card program. Prior to joining BearingPoint (then KPMG LLP) in 1998, Mr. Hannah held a number of technology and management positions with Andrulis, Tyco International, and the Department of Defense (U.S. Navy). Mr. Hannah holds a Bachelor of Science Degree (magna cum laude) in Electrical Engineering from the University of Connecticut. He is a graduate of the Navy Nuclear Power Engineering School, Navy Nuclear Prototype School, Navy Submarine School, and qualified Nuclear Engineering Officer on Submarines. Mr. Hannah holds a Top Secret Security Clearance and is a member of the Smart Card Alliance, M1/B10, ITAA, Biometric Consortium, European Biometric Forum, Government Smart Card Interagency Advisory Board, FICC, FIXS and many other public and private sector organizations. 1. What are BearingPoint's main business profile and offerings? BearingPoint provides strategic consulting, application services, technology solutions and managed services to Global 2000 companies and government organization. Our approximately 16,000 professionals in 39 countries help customers achieve results by identifying mission-critical issues and implementing innovative and customized solutions designed to generate revenue, reduce costs and access the right information at the right time. Within our Public Services practice, we serve all 15 U.S. Federal Cabinet-level departments, 23 U.S. states and three Canadian provinces. Within the Public Services practice, our Security and Identity Management team is comprised of more than 130 experts who develop and deliver complex security solutions for government clients. Our Security & Identity Management practice offers our clients deep experience in new technologies, including PKI, smart cards and biometrics, integrated with program support and governance. 2. What role does BearingPoint’s business play in supporting smart card technology? Our company has made significant investments in advancing smart card technology. For example, our Global Identity Management Center of Excellence, based in Tysons Corner, Virginia, offers clients an opportunity to work side by side with our own security professionals to develop and implement tailored smart card solutions. In the Center of Excellence (COE), we are also able to pursue our own research and demonstrations around the latest smart card technology initiatives. Our COE supports development and testing along with demonstrating end-to-end HSPD-12 solutions with multiple integrated applications like digital signature, 3-factor authentication, physical and logical access, provisioning and authentication, handheld card authentication and identity verification, remote access using smart cards, and multi-biometric authentication. We are also in the process of building out our Security Academy, which is a unique training program that offers our own employees and our clients an opportunity to learn about the latest security technologies and procedures 3. What trends do you see developing in the market that BearingPoint hopes to capitalize on? World events and the increased incidence of identity theft have caused IT and physical security technologies to converge. The result has been Federal mandates such as the Homeland Security Presidential Directive 12 (HSPD-12) and the Federal Information Security Management Act (FISMA) of 2002. Information security and identity management projects have been pushed to the forefront of government procurement initiatives. Smart card technology is becoming more mainstream, both in the public and commercial sector. In public services, we are seeing more and more agencies adopt smart card technology in response to HSPD-12, and then realize added benefits in terms of interoperability between other agencies, physical and logical access applications, and lower user authentication costs. The adoption of smart card technology is also having an impact on state governments, contractors and private corporations that do business with the federal government – as this new standard for authentication becomes the single point of management for security and authenticity. 4. What obstacles to growth do you see that must be overcome to capitalize on these opportunities? Within Public Services, one of the biggest challenges that we have seen is in the integration of smart card applications. While many federal, state and local agencies are routinely using smart cards as a secure means of accessing facilities and information, few have taken the technology to the next level and integrated complementary applications onto the cards, such as digital signing capability, computer logon, or building entry. Another challenge that we’ve observed is compliance with HSPD-12, FIPS 201, and the related NIST special publications. Our experience working with clients such as GSA is that achieving full certification and accreditation for a smart card solution is not only a technology concern, it’s also a governance issue that encompasses risk management, reporting, controls, testing, training and accountability. As one of the first service providers to help a major federal agency go through a full certification and accreditation process, we’ve seen firsthand the challenges involved in meeting federal guidelines. One of the ways that we are trying to help agencies overcome these obstacles is through the development of our HSPD-12 Assessment Tool (HAT). This is an interactive tool that helps agencies assess the effectiveness of their smart card technology and identify any gaps in performance. 5. What do you see are the key factors driving smart card technology in the market? Clearly, in the government space, the key factor is compliance and security. However, another key factor is convenience. One of the most attractive features of smart cards is the advantage of single sign-on, not having to remember multiple passwords for different purposes. Another example is use of the card for multiple purposes – signing emails and using an ePurse for financial transactions. 6. How do you see your involvement in the Alliance helping BearingPoint? The Smart Card Alliance has done a tremendous amount of work in terms of raising awareness and stimulating thought leadership around smart card technology. Our involvement in the Alliance has enabled our company to stay abreast of the latest industry trends and best practices. Through the Alliance’s events and education programs, our employees and our clients are better connected to the latest information on issues surrounding smart cards. In August 2006, the General Services Administration (GSA) awarded a competitive contract to BearingPoint to lead the agency’s HSPD-12 solution aimed at servicing numerous customer agencies within the Federal Government. In just under two months, the BearingPoint team stood up a fully functional end-to-end HSPD-12 system and enrolled and vetted hundreds of federal employees. BearingPoint and GSA completed the requirements for full certification and accreditation of the solution in accordance with the National Institute of Standards and Technology, paving the way for other government agencies to integrate checks and balances into credentialing products.
|
|
This month, Smart Card Talk spoke with Gordon Hannah, Managing Director, Public Sector Security and Identity Management Group, with BearingPoint. Mr. Hannah is the Executive responsible for the strategy and direction of Identity Management solutions and services for the BearingPoint Public Sector Security Group. He has over 17 years of Homeland Security, Federal, Intelligence, Health Care and Military sector experience and seven years of managing Enterprise Identity Management initiatives. 
