Zivney to Congress: HSPD-12 plans need review

SIA representative points to ongoing technical and collaboration challenges with HSPD-12

This afternoon in Washington, D.C., Rob Zivney, the vice president of marketing for physical access control systems company Hirsch Electronics, presented to the U.S. House Subcommittee on Oversight and Government Reform an industry position on the implementation of HSPD-12. Zivney was on hand to represent the interests of companies in the Security Industry Association -- an association representing vendors of physical security solutions.

According to Zivney, the project has faced unrealistic expectations, both in terms of how long it would take federal organizations to implement such converged access control solutions as HSPD-12/FIPS 201 specifies. He also noted that the cost of HSPD-12 projects were often underestimated. Zivney also noted that the project created Catch 22s around who could have the PIV card for testing and designing of systems that would support the new standards, and he said that was part of an overall challenge by the vendor community to bring systems up to the new FIPS 201/NIST standards that are being required for the HSPD-12 project.

Additionally, he advocated for the creation of an OMB “physical security team” that could serve as a liaison between the government and the vendor community to help communicate product needs and changes related to HSPD-12 and any future government security initiatives. The overall message seemed to be that while the security industry was fully behind the HSPD-12 program, the initiative needed changes to bring it in line with realistic goals and processes.

Zivney’s full testimony appears below:

Statement by the Security Industry Association before the U.S. House Subcommittee on Government Management, Organization, and Procurement

April 9, 2008
From Rob Zivney, Hirsch Electronics, representing the Security Industry Association

Chairman Towns, Congressman Bilbray, and members of the subcommittee. Thank you for the opportunity to testify before you about federal agency implementation of Homeland Security Presidential Directive 12 (HSPD-12).

My name is Rob Zivney. I am the vice president of marketing for Hirsch Electronics headquartered in Santa Ana, California. Hirsch Electronics is a manufacturer of physical access control systems for non-residential markets, including the federal government. I also serve as the Chair of the Security Industry Association’s (SIA’s) Personal Identity Verification (PIV) Working Group.

I am honored to testify today on behalf of SIA, which represents 400 manufacturers, integrators, and dealers of electronic security equipment. SIA members provide electronic systems solutions for physical security that protect your constituents and millions of Americans who access government facilities, ports, local schools, colleges, hospitals, airports, mass transit systems, retail establishments, and other institutions. Many systems have the ability to change operational modes in response to varying threat levels to ensure the security of these facilities and the people within.

As this subcommittee examines the findings of the General Accountability Office (GAO) Report released earlier today, I would like to emphasize that SIA members strongly support the goals of HSPD-12. We welcome this subcommittee’s interest in implementation of HSPD-12. SIA members are fully committed to offering our assistance to ensure the successful implementation of this directive by all federal agencies.

Mr. Chairman, I would like to make several points that will contribute to this subcommittee’s evaluation of HSPD-12 implementation. Simply put, security is only as strong as the weakest link. In our view, HSPD-12 - and the associated standards developed by the National Institute of Standards and Technology (NIST), specifically the identity vetting processes - forms a far stronger foundation for our federal government agencies’ security than we have ever witnessed in the past. Identity verification in routine access transactions are enhanced by the use of the credential bearer’s fingerprints template, which are taken from the same fingerprints submitted for and cleared in the background check during the issuance process.

This content continues onto the next page...