To be covered: S&T Intro; TTWG (Scope, Goals, Report); Research/Pilots


Personal Identity Verification-Interoperability / First Responder Authentication Credential (PIV-I/FRAC) Technology Transition Work Group (TTWG)
Karyn Higa-Smith, Research Program Manager, Cyber Security Division, Homeland Security Advanced Research Projects Agency, Science and Technology Directorate, U.S. Department of Homeland Security
November 16, 2010

To be covered:
- S&T Intro
- TTWG: Scope, Goals, Report
- Research/Pilots

DHS S&T Mission: Strengthen America's security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise.

S&T Goals, Cyber Security Division
- DHS S&T continues with an aggressive cyber security research agenda
- Working with the community to solve the cyber security problems of our current (and future) infrastructure
- Outreach to communities outside of the Federal government, i.e., building public-private partnerships, is essential
- Working with academia and industry to improve research tools and datasets
- Looking at future R&D agendas with the most impact for the nation, including education
- Need to continue strong emphasis on technology transfer and experimental deployments

S&T IdM Program
- Focus on IdM research requirements to support the homeland security mission
- The Identity Management Testbed provides: technical risk mitigation; T&E and validation of technologies and approaches; R&D, SME and engineering support; exploration of architectural approaches to identity and access management
- Collaborating across communities and working the interoperability seams
- Working with industry and commercial off-the-shelf vendors

PIV-I/FRAC Technology Transition Work Group: FEMA and S&T supporting State and Local Emergency Response Officials. FEMA and S&T partnership: public safety standard credential; interoperability and trust; innovation.

Technology Transition Working Group
- DHS membership: S&T, FEMA, NPPD, SCO (charter, state and local sponsorship, R&D support)
- State and local participants: Colorado, Maryland, Virginia, District of Columbia, Missouri, Southwest Texas, Pennsylvania (Chester County, PA; Pittsburgh, PA), West Virginia, Hawaii, Rhode Island, Illinois
- Tough lessons: the daunting task of collaboration and coordination

Insights from Work Group
"It will take our continued commitment to really and finally get the issues related to credentialing and access management accepted as an important component of our national interoperability objectives to enhance homeland security capabilities in both the public and private sectors. This concept of integrated interoperability will promote enhanced joint planning, improve performance, and increase efficiency among all our partners." - Members of the Technology Transition Work Group

Making It Work In The Field
- A national standard, interoperable and trusted ID for emergency response (PIV-I)
- One voice from the TTWG to policy makers
- Share lessons and successes
- Identify technology gaps
- Transition from research to operations

Return on Investment (ROI): top-down and bottom-up case study, an S&T knowledge product published on www.safecomprogram.gov and www.cyber.st.dhs.gov

Credentialing Challenges
- Multiple stove-piped credentials
- Multi-jurisdictional response to large-scale disasters
- Lack of trust and interoperability
- Too many credentials!
- Insecure physical and logical access

Collaborating Across Domains and Jurisdictions: Research, Development, Testing & Evaluation
- Privacy enhancing technologies
- Policy-based decision engine
- Identity and attribute exchange
- Physical and logical access control integration
- Fusion center information sharing

For more information: Karyn Higa-Smith, DHS S&T Program Manager, Karyn.Higa-Smith@DHS.gov, 202.254.5335

Implementing PIV as a Countermeasure for the Physical Protection of CI/KR Facilities, Assets, and Personnel
Charlie Luddeke, Jr., Chief of Physical Security, HSPD-12 Program Manager, Interagency Security Committee Member, Federal Emergency Management Agency, Department of Homeland Security

PIV Policies/Directives
Under Homeland Security Presidential Directive 12 (HSPD-12), all federal agencies are required to adopt the Personal Identity Verification (PIV) Card standard, as defined in Federal Information Processing Standards Publication 201-1 (FIPS 201-1). FIPS 201-1 defines a standard (the PIV Card) for a smart card identity credential that:
- is issued based on sound criteria for verifying an individual employee's identity;
- is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation;
- can be rapidly authenticated electronically; and
- is issued only by providers whose reliability has been established by an official accreditation process.
The PIV Card serves to enhance security, increase government efficiency, reduce identity fraud, and protect personal privacy.

Federal PKI
The Federal Public Key Infrastructure (PKI) establishes a web of trust between all federal government HSPD-12 systems and enables interoperability of the PIV Card among all federal government agencies and authenticated non-federal entities. Checking the card's certificate against the PKI also proves that the card is still valid: a certificate the issuer has revoked is rejected.

Layered Protection uses Countermeasures (diagram: alarms, IDS)

We are only as strong as our gatekeeper!

Our gatekeepers are as capable as the tools we provide them!

PIV is the Countermeasure: KEY to Access

From Flash Pass: Low Assurance
Visual inspection of the PIV Card; poor accuracy.

To Contactless Read: Medium Assurance
Contactless read of the FASC-N from the PIV Card, with or without PIN entry. No protection from an unknown lost or stolen PIV Card.

To Contact Read with Biometric and PIN: High Assurance
Contact read, biometric with PIN entry. Proves identity.

Contact Read with PKI, Biometric & PIN: Very High Assurance
PKI certificate authentication with biometric and PIN entry. Proves identity and assures a valid PIV Card.

PIV Assurance Levels
- Low: visual inspection of the PIV Card (flash pass)
- Medium: contactless read of the FASC-N from the PIV Card, with or without PIN entry
- High: biometric with PIN entry
- Very High: PKI certificate authentication with PIN entry

FEMA PIV Firsts
- First DHS component to issue PIV Cards under the pilot program; FEMA has now issued over 12,000 PIV Cards nationwide
- First DHS component to install a FIPS 201 compliant contactless physical access card reader
- First DHS component to convert its entire PACS to FIPS 201 compliant readers
- Piloting the first PIV card authentication tool in DHS, which authenticates federally issued PIV cards
- First to issue a policy manual for the use of the PIV Card

Physical Access Control
- FEMA is upgrading to FIPS 201 compliant card readers, which enable the use of the PIV Card for facility access
- The PIV Card can be authenticated (up to 3-factor authentication) using a handheld reader, depending on the threat level and risk
- Card readers are available that do full PIV authentication of the PIV Card; FEMA is currently using these readers to validate the movement of critical F/ERO (Federal Emergency Response Official) personnel
(Photos: current PIV card reader; handheld reader; full PIV authentication reader)

PIV Card Authentication Tool
- FEMA is currently piloting a PIV Card Authentication Tool to perform 3-factor PIV authentication on all OGA (Other Government Agency) PIV Cards/CACs, validating to the Federal Bridge
- The tool authenticates the PIV Card and programs it into the physical access control software for a specified period of time
- Once programmed, the PIV cardholder can simply present the card to the card reader to gain access (add PIN for heightened security levels)

All-in-One PIV Authentication Tool
- Portable visitor enrollment and access control system in one package
- PIV-enabled to interoperate with all PIV, CAC, TWIC and FRAC credentials, to validate and grant access for F/ERO personnel
- Enrolls credentials and maintains an audit record of entry (and exit)
- Controls one guard-attended point of entry using a RED/GREEN lamp
- Expandable to control multiple entry points

Identification, Authentication and Enrollment into PACS (photos of actual real-time usage)

Credential Repository
- Stores personal and card authentication certificates
- Interfaces with the PACS to enroll credentials
- Manages CRL status checks via OCSP/SCVP
- Notifies the PACS of any revoked certificates
- Requires a network connection

Guard-Attended Access PACS
The user presents the PIV credential to the reader in 1-factor (contactless) or 2-factor (contact) mode. The system lamp displays red or green based on identity authentication and the access privileges granted. Less than 2 seconds.

2-Factor Authentication Reader
- Dual interface (contact or contactless) modes
- PIN for higher security level
- Extracts certificates and public key
- Executes a PKI challenge to the certificate's private key
- Rated for exterior use
- Biometric option available

Regularly Checks Certificate Status
ENROLL (PC/server): certificates, name, expiration date, FASC-N. Validate that the certificate is not revoked by checking the CRL (via OCSP) every X hours.
AUTHENTICATION & VALIDATION (reader): PIN, date, biometric, photo, PKI verify.
Flow at the door:
1. The reader reads the certificate from the card
2. The reader issues a PKI challenge to verify that the card holds the private key
3. The reader creates the FASC-N and sends it to the PC/server
4. The PC/server validates the certificate against the CRL and compares the FASC-N with the enrolled record
5. Grant access or deny access
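The door-side sequence above (read certificate, PKI challenge, revocation check, FASC-N comparison) and the contrast between the contactless and contact modes on the earlier assurance-level slides, as an added example that is not part of these slides or of any FEMA or vendor product. It uses Go's standard crypto/x509 library with a made-up issuing CA standing in for the Federal PKI. Simplifications, all assumptions of this example: the FASC-N is placed in the certificate's subject serialNumber attribute rather than the subjectAltName otherName that real PIV certificates use; the revocation status is a map the caller fills in place of a fetched CRL/OCSP response; PIN and biometric factors are omitted. Names, serial numbers and the sample FASC-N are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Credential is a certificate with its private key: the toy issuing CA or a PIV card.
type Credential struct {
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey // on a real card this never leaves the chip
}

// issue generates a P-256 key and a 24-hour certificate for tmpl, signed by parent (self-signed when parent is nil).
func issue(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*Credential, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Credential{Cert: cert, key: key}, err
}

// NewIssuer is a made-up CA standing in for the Federal PKI (assumption of this example).
func NewIssuer(name string) (*Credential, error) {
	return issue(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil, nil)
}

// IssueCard puts the FASC-N in the subject serialNumber attribute (a simplification: real PIV
// certificates carry it as an otherName in the subjectAltName).
func (ca *Credential) IssueCard(fascn string, serial int64) (*Credential, error) {
	return issue(&x509.Certificate{SerialNumber: big.NewInt(serial), KeyUsage: x509.KeyUsageDigitalSignature,
		Subject:     pkix.Name{CommonName: "PIV Card Authentication", SerialNumber: fascn},
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}, ca.Cert, ca.key)
}

// PACS is a toy relying party: the issuer it trusts, the FASC-Ns the authentication tool has
// enrolled, and the serials the repository's last CRL/OCSP check reported revoked, with the
// time at which that cached status goes stale.
type PACS struct {
	Roots      *x509.CertPool
	Enrolled   map[string]bool
	Revoked    map[int64]bool
	NextUpdate time.Time
}

// Authenticate implements the two reader modes on the slides. Contactless (medium assurance)
// compares the FASC-N read off the card with the enrollment and nothing else. Contact (high
// assurance) first requires a certificate chaining to the trusted issuer, a correct answer to a
// private-key challenge and a current, non-revoked status; only this path can tell a cloned
// FASC-N or a revoked (lost or stolen) card from the enrolled original.
func (p *PACS) Authenticate(card *Credential, contact bool, now time.Time) error {
	if contact {
		if err := p.pkiCheck(card, now); err != nil {
			return err
		}
	}
	if !p.Enrolled[card.Cert.Subject.SerialNumber] {
		return errors.New("deny: FASC-N not enrolled")
	}
	return nil
}

func (p *PACS) pkiCheck(card *Credential, now time.Time) error {
	opts := x509.VerifyOptions{Roots: p.Roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := card.Cert.Verify(opts); err != nil {
		return errors.New("deny: certificate does not chain to a trusted issuer")
	}
	nonce := make([]byte, 32) // fresh per attempt, so a recorded answer cannot be replayed
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	h := sha256.Sum256(nonce)
	sig, err := ecdsa.SignASN1(rand.Reader, card.key, h[:]) // the card's side of the challenge
	if err != nil {
		return err
	}
	if pub, ok := card.Cert.PublicKey.(*ecdsa.PublicKey); !ok || !ecdsa.VerifyASN1(pub, h[:], sig) {
		return errors.New("deny: card could not prove possession of the private key")
	}
	if now.After(p.NextUpdate) {
		return errors.New("deny: revocation status is stale, failing closed")
	}
	if p.Revoked[card.Cert.SerialNumber.Int64()] {
		return errors.New("deny: certificate revoked")
	}
	return nil
}
```

Driving it: a card is added to Enrolled only after Authenticate(card, true, now) has succeeded, which is the one-time step the authentication tool performs. After that, a forged card that carries an enrolled FASC-N, or a genuine card whose serial the repository has reported revoked, is accepted in contactless mode and refused in contact mode, which is exactly the "no protection from an unknown lost or stolen PIV Card" caveat on the medium-assurance slide. NextUpdate makes the reader fail closed once the cached revocation status has expired instead of trusting whatever it last fetched.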

Summary
- FEMA participates in the NIPP to assure its mission
- VIGILANCE: it is everyone's responsibility to protect CI/KR facilities and resources. We need the tools for success
- Establish the threat (assessment), determine the countermeasures, accept the risk
- FEMA uses the PIV Card along with visual identification as a countermeasure to mitigate risk for many access control issues
- The PIV Card, when issued and used correctly, is a tamper-resistant key to the multiple layers of protection for CI/KR facilities and sites

Challenges Facing Our Community
- How will PIV-Interoperable (FRAC, etc.) cards best be used in this protection framework?
- Smart card technology is a strong platform, but not the sole answer
- Risk-based background investigative standards must be aligned with federal requirements to eliminate trust issues. For federal access, non-federal organizations must provide the same trust factors as the federal government, as prescribed by FIPS 201: technology (TTWG), background investigation, identity proofing, fraud prevention (roles and responsibilities), infrastructure protection
- Access is a risk decision at the facility; a solution to the above challenges can grant access to the "federal castle"

Commonwealth of Virginia First Responder Authentication Credential (FRAC) Program
9th Annual Smart Cards in Government Identity, Security & Healthcare Conference, November 2010
W. Duane Stafford, Statewide Credentialing Coordinator, Governor's Office of Commonwealth Preparedness

Arlington County 9/11 After Action Report
"Some firefighters said they had never seen so many volunteers, and wondered aloud if a volunteer firefighter tee shirt was the only required identification."
"The last full activation of the EOC was in preparation for the anticipated problems associated with the arrival of the year 2000 (Y2K). As a result, although many county officials had EOC identification (ID) badges, they had long since expired. A current ID system was not in place."
"Arlington County should work with neighboring jurisdictions and other emergency response agencies and volunteer organizations to implement a uniform identification system."

Federal Response to Hurricane Katrina: Lessons Learned
"[Complete] the development of a credentialing system to allow authorized volunteers and workers restoring critical infrastructure access to relief sites."
"The Federal response should better integrate the contributions of volunteers and nongovernmental organizations into the broader national effort. This integration would be best achieved at the State and local levels, prior to future incidents. In particular, State and local governments must credential their personnel, and provide them the necessary resource support for their involvement in a joint response."

Commonwealth FRAC Mission
- To use Federal Information Processing Standard (FIPS) 201 technology to deploy a credential that is interoperable at all levels using the standard
- To enhance not only Virginia's response and recovery efforts, but those of the Nation as well, so that credentialing no longer delays those efforts in any scenario requiring the deployment of emergency responders
(FRAC: First Responder Authentication Credential)

Commonwealth FRAC Program
- The Commonwealth developed a Federal Information Processing Standards 201 (FIPS 201) interoperable (PIV-I) FRAC program using multi-year State Homeland Security Grant (SHSG) funding
- The FRAC is a standards-based smart card that is issued to the emergency response community and recognized as a true representation of identity and other pertinent data
- The FRAC provides an interoperable identity credential platform for all federal, state, local and private sector emergency responders
- Enhances cooperation and efficiency between federal, state, regional, local and private sector emergency responders before and during a critical incident

FRAC Capability
During incidents such as natural and man-made disasters, there is a need to expeditiously authenticate and validate federal, state, local and private sector emergency responders:
- The FRAC is the standard credential for Virginia Emergency Response Officials
- Verify the identities, attributes and credentials of emergency responders at incident scenes
- Allow access into and out of secured areas and across multiple jurisdictions
- Identify a person's status within sectors, agency, or ESF

Interoperability Terminology for Identity Cards
The Federal CIO Council released the Personal Identity Verification (PIV) standard for Non-Federal Issuers in July 2010:
- PIV Card (PIV): an identity card that is fully conformant with federal PIV standards (i.e., Federal Information Processing Standard (FIPS) 201 and related documentation). Only cards issued by federal entities can be fully conformant. Federal standards ensure that PIV Cards are interoperable with and trusted by all Federal government relying parties.
- PIV Interoperable Card (PIV-I): an identity card that meets the PIV technical specifications to work with PIV infrastructure elements such as card readers, and is issued in a manner that allows Federal government relying parties to trust the card. The FRAC is a PIV-I card.
- PIV Compatible Card (PIV-C): an identity card that meets the PIV technical specifications so that PIV infrastructure elements such as card readers are capable of working with the card, but the card itself has not necessarily been issued in a manner that assures it is trustworthy by Federal government relying parties.
(As defined by the Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance and the Personal Identity Verification Interoperability for Non-Federal Issuers document.)

Department of Defense and PIV-I
"The Department [DoD] is aggressively moving to accept qualified PIV-I credentials for access to physical and logical resources. In those cases where DoD relying parties, installation commanders, and facility coordinators determine that granting access is appropriate and that appropriate vetting requirements are met, they should begin accepting DoD-approved PIV-I credentials for authentication and access."

The Northern Virginia FRAC Pilot
- The Commonwealth developed a pilot FRAC using the Virginia portion of an NCR UASI grant in 2006; Virginia was the first nationally
- Issued over 2,300 FRACs to the Arlington County and City of Alexandria emergency response community
- The credential certificate life cycle ended in March 2010

Hampton Roads Region FRAC Program
- Secured additional DHS grant funding for FRAC implementation in the Hampton Roads region
- Hampton Roads Regional Credentialing Working Group, with public and private participation
- Institutionalize as a business process to increase ROI

Hampton Roads FRAC Topography (map)

2010 Hampton Roads Credentialing Roll Out
- Verizon Business: set-up and configuration of the solution infrastructure (hardware, software, support and services)
- Deployment of the 8 enrollment and issuance stations, hosted and operated by localities
- 39 handhelds for on-scene credential validations
- 12,900 FRACs
- $3.2M (over three FY grant cycles)

Next Steps
- Credential issuance using the PIV-I standard: emergency responders and CIKR responders
- Localities develop Standard Operating Procedures (SOP) for credential use during emergencies as well as for routine use (physical and logical access)
- Initial issuance station deployed in Newport News
- Re-engage in Northern Virginia
- Begin issuance planning for the remainder of Virginia

Contact Information
Mike McAllister, mike.mcallister@governor.virginia.gov, Office: (804) 692-2596
W. Duane Stafford, duane.stafford@governor.virginia.gov, Office: (804) 225-4502

DC One Card PIV-I Usage Scenarios
Smart Card Alliance, November 16, 2010

Contents: DC One Card background; program objectives; goals; card uses; roadmap; maturity path; phased implementation; PIV-I case studies (taxicab smart meter solution); future PIV-I uses

Objectives
Citizens have multiple ID cards and multiple online identities (diagram: a separate user ID and password at Agency A, Agency B, Agency C and Agency D, versus a single DC One ID).
Objectives: convenience, security, cost savings, fraud reduction, improved access, first responder support, standard tools

DC One Card Roadmap (ITSM Planning Stage 1: Establish / Confirm Vision): Program Goals

One Card, Many Different Uses as Determined by the Customer Agency
- DCPL uses it for: borrowing privileges; tracking due dates and fees; online access
- DPR uses it for: identification; facility access; reservations; usage
- DOES uses it for: identification; time tracking
- DCPS uses it for: identification; school access; attendance; cafeteria / library use
- WMATA uses it for: Metro rail; Metro bus; parking lot access
- Agencies use it for: identification; door access

DC One Card Roadmap (ITSM Planning Stage 1: Establish / Confirm Vision): Maturity Path

Case Study: High Assurance Credential, Taxicab Smart Meter Solution
Challenge / situation:
- Eliminate extensive cab driver license fraud
- Improve poor trip reporting
Solution approach:
- Issue a standard PIV-I credential to all taxicab drivers
- Deploy modern cab infrastructure integrated with the PIV-I credential solution
Expected benefits:
- Significantly reduce taxicab fraud
- Improve accountability and passenger safety
- Improve services to customers (e.g., credit card, interactive services)
- Introduce additional revenue opportunities for drivers and the DCTC

Future PIV-I Uses: FRAC; Medicaid; Food Stamps; WIC; child support; expanded online government services; utilities