DOD delays smart card deadline
Defense Department now looks to have Common Access Cards out to all personnel by October 2003
The Defense Department will not make its goal of having digital certificates in the hands of all 3.5 million DOD personnel by October and instead is looking to have those certificates out to all DOD personnel one year later, by October 2003.
The initial DOD mandate, which was set in 1999, was probably overly aggressive, said Dave Wennergren, deputy chief information officer for e-business and security. Wennergren is also part of the team in charge of DOD's effort to distribute the Common Access Cards (CAC) across the department.
"We won't meet the end of fiscal 2002 goal," he said, adding that the end of fiscal 2003 is a "realistic deadline."
DOD started handing out the Common Access Card — a secure, multi-application smart card for physical identification and building and network access — in October 2001. The new deadline is "basically giving us two years to roll out 3.5 million cards. I don't think you could do it faster than that; at least I haven't figured out a way to do it," Wennergren said.
The CAC is embedded with a digital certificate that will enable secure communications across the organization.
The CAC is one of the largest distributios of smart cards ever, Wennergren said, and even the two-year timetable is still quite aggressive.
Since 1999, there have been changes in the digital certificates themselves. The early plan used software-based certificates, which necessitated that each person across DOD be given a floppy disk containing the certificate. That certificate would then reside on the hard drive of the person's PC.
Embedding the certificate in the Common Access Card is more secure because the certificate is housed on the card, making it more difficult for crackers to get at the certificate, he said.
"We set a mandate for ourselves and then, as we found the best solution to do it, we set the timeline," Wennergren said.
NEXT STORY: FirstGov for citizens coming soon