ICAM For Critical Infrastructure

Nov. 11, 2016
Identification, Credential and Access Management technologies are leading the way for access control in this formidable market

Biometric live capture enrollment is an emerging technology with commercial and government applications that are essential to maintaining a secure critical infrastructure. A battery of laws and regulations enacted after 9/11 mandate the development of increasingly secure identification, credential and access management (ICAM) technologies for security applications in these sectors, in addition to other safety and security programs.

These regulations extend to markets including aviation, public utilities, telecommunications, water supply, agriculture, natural gas, heating oil, public health (hospitals and ambulances), transportation systems, financial services, and police and military infrastructures.

Over the last fifteen years, considerable work has been done to improve identification, credential and access management systems across vital government, transportation and commercial infrastructure. Biometric live capture enrollment technology is emerging as a critical component in a holistic approach to better identity security.

For airport security, several organizations have investigated and/or promoted improved access control systems and credentialing for airport workers, including the Radio Technical Commission for Aeronautics (RTCA) and the American Association of Airport Executives (AAAE). The RTCA Special Committee 224 (SC224) recently published revision D of the guidance document DO230, Standards for Airport Security Access Control Systems, identifying forward-thinking guidance for access control systems to address the legislative mandates for biometric access control.

The AAAE formed the Biometric Airport Security Identification Consortium (BASIC) with the objective of defining a comprehensive, airport-driven, step-by-step plan outlining how airports would migrate to biometric-based badging and access control systems.

Work has been initiated by TSA, FAA, and many of the necessary stakeholders to meet the legislative requirements, but gaps exist as a result of challenges within the stakeholder population, technologies for biometric identity management and use-case value proposition.

National security doesn’t stop with aviation; clearly the entire critical infrastructure market also has to be protected. Among these markets, systems and facilities supporting the nuclear and chemical industries, the Disaster Recovery Center (DRC), and defense infrastructure are of particular concern.

Considerations for Credentialing

Determining the stakeholder value proposition is not easy. The benefits of a standardized, converged credential with multiple use cases depend on the organization and the level of integration the ID credential can achieve within the enterprise. Organizations that have implemented high-assurance FIPS201 credentials, including government and commercial entities, can provide a point of reference for enterprise implementation.

The federal government itself is a large-scale user with the Homeland Security Policy Directive 12 (HSPD-12) implementation in the Executive Branch and the more recent requirement issued in 2011 by the Office of Management and Budget Memorandum 11-11 (OMB11-11).

The Department of Defense (DoD) is the farthest along in implementing OMB11-11, which requires implementation of the HSPD-12 FIPS201 credential in logical and physical access control for the executive agencies of the government. Users within the DoD recognize the value of a single high-assurance identity credential, and this is highlighted when DoD staff are assigned to another agency without similar capability – productivity and security are negatively impacted without OMB11-11 implementation.

The Role of Systems Integrators

Systems integrators have the opportunity to help organizations find their feet in this complex and essential ecosystem, to meet government mandates without reinventing the wheel or going too far afield, and to secure their own facilities and operations.

Education is a crucial part of the systems integrator’s responsibility. A successful integrator will understand and be able to educate customers about the requirements; thus, the integrator’s knowledge of new and proven technologies, control systems and use-case value propositions is essential.

An ability to provide regionally operable solutions is important, but is perhaps a short-term and short-sighted approach. Better systems integration will incorporate products that support nationwide implementation, meet appropriate mandates, and perform across the infrastructure. Standardization is needed and will likely come about. Systems integrators should be involved in this process – to make sure the standards are achievable as well as to understand them and be able to incorporate them into their own technology solutions.

To become a part of a holistic security solution throughout the critical infrastructure, systems integrators need to balance their business goals with commonalities shared across the industry and its stakeholders. Interoperability and consistency are essential, and the most successful integrators will be actively engaged in the establishment of a shared security infrastructure.

Local Control, Nationally Connected

Access control and identification credentials can be developed to fit an organization’s individual security requirements, and even issued locally – without compromising the interoperability that will allow true authentication and validation of identity, and quick background checks. Kiosks that can be connected to national databases are available for live biometric capture and identification issuance.

Installing a self-service biometric capture and enrollment kiosk on-site in a facility’s lobby or Human Resources office will save time and resources. Access credentials issued in this manner will allow for scanning to obtain entry at facility gates, doors and secure areas. Different levels of security clearances can be embedded in the credential to validate authorized entry to designated security zones. Kiosks can even be remotely deployed, for use at job fairs and other off-site venues.

Simply meeting Congressional mandates does not by itself justify the business case for implementing technology to improve security, particularly when mandates are “unfunded.” However, many mission-critical industry segments broadly support the use cases for high-assurance identity credentials.

Gerald Hubbard is Director of Business Development for Global Enterprise Technologies Corp. (GET Group), a provider of integrated physical security systems and other technologies for more than 25 governments worldwide. Visit www.getgroup.com for more info.