Who Goes There?
Military forces operating in inherently dangerous environments require an enormous commitment of force protection resources, particularly security forces and augmenting personnel. While U.S. armed forces personnel are properly vetted and credentialed to authenticate their identity, there is often another large human infrastructure required to support and sustain operations whose members have not been authenticated. Often, the personnel employed to provide basic installation, construction, operations and maintenance services in support of the military are “third country nationals” subcontracted by facilities-support contractors. These contractors and their employees are often unable to meet stringent levels of vetting and are usually difficult to adequately credential. In many cases, it can be impossible to verify service provider identities beyond their personal declarations of who they are.
Thus, the combatant commander is faced with a tough risk management decision — how to optimize force protection and safety in an environment where forces operate in close proximity to thousands of “unvetted” personnel who are at the same time crucial and potentially dubious. Consequently, in the past, this scenario has often required deployed security forces to locally develop identity management Tactics, Techniques and Procedures (TTP) to allow constrained personnel resources to effectively deal with potential threats.
Fortunately, identity management technology and infrastructure have been rapidly evolving, and the Defense Manpower Data Center’s (DMDC) developmental work since Sept. 11 offers an IT capability to address these challenges. For the past 10 years, DMDC has been evolving the DoD Common Access Card (CAC), including the inherent vetting strength derived from its association with the Defense Eligibility Enrollment and Reporting System (DEERS). Over the past three years, DMDC has integrated its security infrastructure and processes into a leading-edge identity management capability, the Defense Biometric ID Management System (DBIDS). Using DBIDS, deployed commanders can now screen and credential non-military support personnel locally to establish their identities and create a credential similar to the CAC that associates data, images and biometric factors at the local command. Currently DBIDS only collects data at the local facility level, but future versions of DBIDS software will allow the sharing of this data across regional and, eventually, global networks.
First, the system requires that identity be established so that the individual who presents himself as John Doe is in fact John Doe. Information is collected, assessed and screened, and then associated with biometric factors that might include hand geometry, facial geometry, fingerprinting or iris scanning, and then potentially further associated with facial images. In future versions of DBIDS, the local screening data will then be compared with registration information from other databases. Once the biometric information is associated with the applicant’s registration, DBIDS establishes the identity and issues a DBIDS token, a photo ID similar to the CAC, but also including specific access instructions.
DBIDS is installed throughout the DoD predominantly in permanent, fixed configurations, but can be rapidly deployed as a kit when needed to provide a rapid, flexible identity management capability. Among the DoD communities of interest eligible for CAC issuance, future versions of DBIDS will be powered by the DEERS database consisting of 23 million records of highly vetted former and active military personnel and their family members.
If an individual inappropriately attempts to gain entry to an installation, campus or building where access is unauthorized or has been withdrawn, DBIDS bars access and generates a warning to security personnel. Thus, identity management technology provides both physical protection to those reliant on installation infrastructure as well as acting as a deterrent to those who would seek to disrupt it.
Additionally, the system will eventually provide a means to establish a regional or global “blacklist,” debarring and tracking any personnel who have been denied or withdrawn physical or logical access to DoD resources.
Records used for screening third country personnel will understandably not carry the same assurances or authority within the DBIDS database as the records of U.S. military personnel. The DBIDS identity card does, however, provide a valuable identity management capability supporting global military security requirements.
Security is a fundamental part of any military operation and the information technology tools DMDC provides the DoD today play an integral part in ensuring the security of the people and infrastructure defending the nation.
About the Author
Lisa Kimball is director of Xacta Corp., Ashburn, Va., the security solutions subsidiary of Telos Corp.