DOD plans to eliminate CAC login within two years
The Department of Defense will phase out the use of the Common Access Card for network login, replacing it with biometric identity authentication systems that are standardized between the U.S. military and its allies, Pentagon CIO Terry Halvorsen said Tuesday.
“We are embarking on a two-year plan to eliminate CAC cards from our information systems,” Halvorsen told the 2016 Federal Forum, presented by Brocade and produced by FedScoop. He said the department would keep its public key infrastructure, or PKI, encryption architecture but that CAC cards “are not agile enough to do what we want.”
“We may still use them to get into a building, but we’re not going to to use them for our information systems. We’re going to use true multifactor [authentication],” he said.
Halvorsen said biometric technologies like iris scans and behavioral analytics “are all doable now,” and that CAC cards could be replaced by “some combination of behavioral, probably biometric and maybe some personal data information that’s set from individual to individual.”
Back in April, at an AFCEA Defense Information Services Agency event, Halvorsen raised the prospect of possibly eventually dumping the CAC card for logical access, as part of moves to standardize identity authentication U.S. allies, but he gave no timeline and did not indicate that any decision had been made.
Getting rid of CAC cards, Halvorsen said Tuesday, “gets me more agile.”
“There’s an overhead with CAC cards, and it’s not just a cost overhead. It’s a time overhead, and in my business it’s a location overhead,” he said. “It is really hard to issue a CAC card when people are dropping mortar shells on you and you need to get into your system. It just doesn’t work.”
Halvorsen said the need to integrate with other English-speaking “Five Eyes” nations — Australia, Britain, Canada and New Zealand — and NATO allies was another driver behind the decision to abandon CAC cards.
“We’re very close to … an agreed-upon identity standard and methodology” that would allow common network access among allies.
“That’s an unbelievably powerful win for us in terms of combat and information multiplier,” he said, adding that currently, one of his “biggest problems” was ensuring network access for allied officers serving with the U.S. military.
“We are looking broadly at innovation in the authentication area across industry and government,” explained Defense Department Spokesman Lt. Col. James Brindle afterwards. “We want device-agnostic agility; the ability to identify a user, even if a device is lost; and a consistent approach to identity credentialing among our allies.”
Brindle added that DOD was “working closely” with NATO and Five Eye allies and would be developing a detailed transition plan once that work was done. “As we evaluate our options, we will provide more information later this summer or early this fall.”
Contact the reporter on this story via email Shaun.Waterman@FedScoop.com, or follow him on Twitter @WatermanReports. Subscribe to the Daily Scoop to get all the federal IT news you need in your inbox every morning at fdscp.com/sign-me-on.