Experts say culture hinders single smart card

The technology exists to create a governmentwide smart card program, but cultural issues and a lack of top-level management support stand in the way of implementation, experts testified today.

A single government smart card is possible, but managerial and policy differences create difficulties, said Joel Willemssen, managing director of information technology issues at the General Accounting Office.

"It would probably be very difficult to standardize it from a management and policy perspective," Willemssen testified today at a hearing of the House Government Reform subcommittee on technology, information policy, intergovernmental relations and the census.

Agencies have different security clearances and access controls. GAO identified 62 smart card initiatives in varying stages at 18 agencies, Willemssen said. One of the next steps, he said, is establishing a governmentwide employee credentialing policy to streamline employee clearances.

"Once you set that policy, then the technology can follow," he said.

Introducing smart cards for physical access or systems access is often met with hesitation, said Sandra Bates, commissioner of the General Services Administration's Federal Technology Services.

"We've identified that the technology's there," Bates told subcommittee chairman Rep. Adam Putnam (R-Fla.). "We're also talking now about a cultural change, and there are barriers. It's gaining acceptance and top management support."

Obtaining the resources for infrastructure and software is also a major challenge, Willemssen said. The costs can be high, particularly if biometrics and public key infrastructure technologies are included, he said.

Ken Scheflen, director of the Defense Department's Defense Manpower Data Center, agreed. "The infrastructure costs and enabling technologies are the hard part because you really have to change the way people do business," he said.

The Defense Department completed the roll out of the infrastructure for its smart card program in July. The program, Common Access Card, is the most advanced smart card program in the world and can serve as a model for other agencies, Scheflen said.

The government needs smart card standards for interagency interoperability, experts said. The standards would outline the common features of each card, then agencies could add capabilities, Bates said. "Some agencies will always have unique requirements and traits, and that's OK, but you have to have a baseline," she said.

GSA and the National Institute of Standards and Technology have taken steps to create those standards. NIST officials have published two versions of their smart card specifications and are working with agencies and industry partners on program requirements. Similarly, GSA established an Interagency Advisory Board, including NIST and other agencies, to refine the specifications. They also awarded a smart card contract in May 2000 to five vendors to provide smart card services across the government based on these standards.