OMB: Progress slow on issuing ID cards

The federal government remains far from its goal of issuing secure identity cards to its employees and contractors, the Office of Management and Budget reported Monday.

The original deadline set by OMB for agencies to issue cards to all federal employees and contractors was Oct. 27, 2008. But only 31 percent of workers actually have been issued new high-tech cards, which contain the cardholder's fingerprints and other biometric information.

Karen Evans, administrator of e-government and information technology at OMB, said that since the October deadline, agencies have issued more than 120,000 ID cards, bringing the total number of workers with secure credentials to almost 1.8 million. But that represents only a 2 percent increase over the October figure.

"We're technically [behind schedule], since we were supposed to be done last year," said Evans.

President Bush issued a call for the new ID cards in 2004 in Homeland Security Presidential Directive 12. The credentials, which are made of plastic and are about the size of credit cards, contain microchips that store personal information. Employees insert cards into readers that compare the cardholder's fingerprint to those collected in a database. If a match is found, the system gives the holder access to the building or network the holder seeks to enter.

Several larger agencies, including the Commerce, Energy and Treasury departments and the General Services Administration, have yet to issue credentials to all personnel but have plans to do so some time this year. The Interior Department has a target date of October 2010 for full implementation, while the Justice Department doesn't plan to be done until September 2012. The Agriculture and Defense departments have yet to set target dates.

Evans said representatives of the incoming Obama administration have made it clear that they view HSPD-12 as "integral to the security solutions they want to put in place." She said all discussions between her office and the transition team have been "positive in nature."

The pace of implementation of the initiative continued to draw criticism. "Everything we try to do to secure federal networks is undercut by a lack of progress on HSPD-12," said James A. Lewis, director of the technology and public policy program at the Center for Strategic and International Studies. "Authentication is one of the keys to secure networks."

During a conference call, Evans also announced that four agencies have been chosen as shared service centers under the Bush administration's Information Systems Security Line of Business initiative: The Treasury Department's Bureau of Public Debt, Interior's National Business Center, Justice and the Federal Aviation Administration's Enterprise Service Center. Evans said all four organizations now can assist other agencies with the certification and accreditation process required under the initiative, adding that she hoped the move would address criticism that the process is largely a compliance exercise.

"These agencies have demonstrated that they are capable of providing these services in a meaningful way and will be able to provide these services out to other agencies," said Evans.

She also discussed the federal Chief Information Officers Council's transition guide, which lays out the group's priorities for the new administration. Among them are improving information security, promoting information sharing, using Web 2.0 technologies to further engage citizens and pushing green IT practices.