 |
 |
 |
 |
September 2007 • Volume 12 Number 9
|
 |
|
Executive Director's Letter
There comes a time in every successful organization when they make the transition from observing what is happening around them to starting to make things happen. I think the Smart Card Alliance has turned that corner - moving from simply reporting what is happening in the smart card industry to effectively influencing and changing the industry. One example of this transition occurred this spring and summer when I was selected to represent the smart card industry and participate in a government-only FIPS 201 Migration Task Force. This task force was sanctioned by the Inter-agency Security Committee (ISC) to report to the Office of Management and Budget (OMB), the Executive Branch's oversight office for all government spending programs, on the strategy for federal agencies to migrate to use new federal ID cards in their physical security systems. My role on this task force was to interface between the government representatives and the smart card industry, the security industry, and the international standards bodies and to provide guidance for federal security officers to begin utilizing the PIV smart identity card within the federal enterprise. What began as an observing role quickly turned into a leadership position for the Smart Card Alliance to help shape the future policy for physical access control system migration in the federal government. The Physical Access Council rose to the challenge and began developing a document that began to take on a purpose all its own. Soon the document took on a life outside of the original Migration Task Force effort and became an industry-wide view with input from other industry groups, NIST, and other federal agencies. This week the Physical Access Control System Migration Options for Using FIPS 201-1 Compliant Credentials white paper was released. The document has been endorsed by the Smart Card Alliance, Security Industry Association (SIA), International Biometrics Industry Association (IBIA) and the Open Security Exchange (OSE) - the first collaboration of this magnitude for issuing security industry guidance. A second example, also involving HSPD-12 related issues, was an invitation from the Government Accountability Office (GAO) to the Smart Card Alliance this month to meet with GAO analysts to answer questions about the progress the federal government and the smart card and security industries have made in implementing the objectives of HSPD-12. This was the second time the Alliance has appeared before the GAO on HSPD-12 matters where the GAO was seeking our insights into the progress and work yet to be done in issuing millions of federal identity cards and having them put to use in security and IT applications within the government. The information shared by our industry experts will become part of the official report to be issued by GAO in the near future. The Alliance has forged a reputation for being honest and well-informed about these and other federal identity card related programs. Similarly, the recently-announced TWIC reader recommendations announced by the Transportation Security Administration (TSA) and U.S. Coast Guard included tougher privacy protections for the transfer of biometric data over the contactless interface. The recommendations were heavily influenced by an ad-hoc committee led by the IBIA and involving members of the Smart Card Alliance. Examples of other identity and security-related issues where the Smart Card Alliance still has a chance to be a force that effects change is in the way government deploys identity and security solutions to meet the objectives of the Western Hemisphere Traveler Initiative and REAL ID Act. Both of these programs are facing imminent, critical decision points. The pressure that the Alliance has placed on the government to re-think the technology choices that are favored by the Department of Homeland Security (DHS) for using non-smart card solutions may still lead to fundamental changes in how these programs progress. This newfound power to affect the outcome of major identity and security initiatives comes with the responsibility to represent the interests of the smart card industry without sacrificing our integrity for commercial rewards. So far we have been able to assume the higher ground when it comes to defending our position that smart card chip technology is the best choice for large-scale identity and security initiatives. I hope that continues and we don't lose sight of the fact that with power comes responsibility. From my experience, we have had a pretty good track record so far. In closing - in case anyone reading this has been out of the communications loop for the last three months - we have our next event coming up in just a few weeks. The 2007 Annual Conference in Boston on October 9-11 is expected to be another fantastic event. Take a look at the agenda and decide for yourself. I hope to see you in Boston - Cheers!
Randy Vanderhoof
|
|
