DISA working on multi-factor authentication that includes how you walk, retiring director says
The Defense Information Systems Agency isn’t stopping at standard biometrics like fingerprints and iris scans to improve identity verification — it’s counting your steps to make it happen, too.
Outgoing DISA chief Lt. Gen. Alan Lynn said to capitalize on the expanding use of mobile technology in the field, the agency is working to bring authentication with as many as seven biometric measures, including gait of your walk, to devices to better identify you, though he didn’t detail all seven.
“That’s as individual as a fingerprint,” Lynn said Thursday at a luncheon with the Washington, D.C. chapter of AFCEA, during which he announced he’d be retiring from his director position and active duty Feb. 2, after a transfer of DISA command the day prior to Rear Adm. Nancy Norton.
“It’s not just one thing, it’s all of those things,” Lynn said, referring to biometric authentications for fingerprints or facial identification — which alone could prove difficult for the warfighter in the field to utilize.
Identity has been among one of the greatest challenges for IT professionals to crack as they look to ensure proper access for users in the vast government information architecture.
Lynn said the need to make the warfighter more mobile helped focus the identity issue, and DISA has been working to better leverage mobile devices in-house to make that happen.
“The [armed] services are all mobile, so we already know that’s the requirement,” he said. “Size, weight and power is kind of a critical denominator for a warfighter. We just took a small group of really hungry, innovative guys and gals and brought them together. They started innovating it and trying it.”
DISA also partnered with industry stakeholders on how the authentication might work, Lynn said, which provided both with incentives to develop the tech.
“What we are building is something that I think could easily transition to the commercial side,” he said. “Because your identity is out there. You see all of these commercial guys perform with pieces or parts of it. If we could pull it all together so it’s kind of a platform and it’s informed by all the work we do with highly classified folks to really harden it, it’s kind of a win-win.”
Lynn addressed a variety of other topics during the appearance, such the Spectre and Meltdown vulnerabilities and securely moving the Defense Department to the cloud.
“We’ve known about this for a little while,” he said of the vulnerabilities. “It’s like anything else, there’s an incident or issue and we triage it — how bad a problem is this, how hard is it to get into the devices and get through them and then decide how big of a problem that is for us.”
“I think this is a tough one for everybody,” Lynn added. “I don’t think there is an easy answer, and we are working with industry to come up with a solution.”
As the Pentagon sets a path toward acquiring a departmentwide commercial cloud solution, he explained the difficult proposition the department faces. “Straight-up commercial cloud is not that secure.”
“If it’s something that you don’t really have to protect that much, straight-up commercial cloud is the way to go, as long as it’s not heavy transactions,” Lynn said. “From our perspective, the more things that go out into straight-up commercial cloud that we don’t have to defend, that decreases our problem set. So, we’re behind it. We’re excited about it.”