Burden of proof
- By Alice Lipowicz
- Jan 26, 2006
First responders soon may need more than a radio or a password to access interoperable networks under development: They will need to verify their identities.
But will fire and police officers accept having to swipe ID cards on their radios or laptops before calling for help?
The federal smart-card regulations anticipated under Homeland Security Presidential Directive-12 are adding layers of complexity to the already difficult goal of strengthening public safety communications by making radios and networks more interoperable with each other.
The identity management regulations initially affect only federal workers and projects, such as the Integrated Wireless Network, a nationwide, $10 billion, wireless network being developed for law enforcement agents in the Homeland Security, Justice and Treasury departments.
But many state and local response agencies expect eventually to conform to HSPD-12 as they adapt their own systems to verify identities. An example is DHS' plan to distribute 200,000 smart cards to first responders in the National Capital Region around Washington.
"Identity management is the next big challenge for achieving interoperability," said Bill Wagner, director of interoperability and information sharing for AT&T Corp.'s government solutions unit. "It's the next technical hurdle."
NOT SO FAST
As public safety networks become more sophisticated and gain access to more databases and networks, there's now a need to integrate and simplify identity management, so that first responders aren't slowed in doing their jobs by a need to remember and enter excessive personal identification numbers and passwords.
Since 9/11, when the attack sites were flooded quickly with volunteers trying to help, there has been more emphasis on controlling physical access to disaster scenes.
But the smart-card solutions envisioned under HSPD-12 may present special issues for first responders. Typically, these solutions include a plastic card with a radio frequency identification chip or magnetic tape containing biometric information that must be swiped or read by a reader.
These methods do not "always work in a rapid, highly mobile responder environment," Wagner said. "With safety at stake, you don't want to have to worry about swiping a card and taking time to establish an identity credential. You've got to address the safety and operational aspects of this."
An alternative that AT&T is examining is voice recognition, which is easier and quicker to use than a smart card, he said.
Another concern is the potentially high cost of the solutions, which would present an obstacle to the plan to distribute smart cards to thousands of fire, police and emergency medical first responders in Washington and its Maryland and Virginia suburbs.
The cards would verify identity for access not only to disaster scenes and agency computer networks, but also to regional networks such as CapWin, a wireless public safety network, which gives access to many public safety and criminal databases.
Local jurisdictions participating in CapWin would like to follow the federal standards for ID management because of the "heavy federal presence in the area," said Roddy Moscoso, communications director for CapWin. But some agencies object to the high cost of creating and managing online identity databases, which would have to be updated and operate around the clock to verify information on smart cards.
"The goal is to create a regional method for identity management," Moscoso said. "The difficulty is tying this to each jurisdiction's human resources agencies and systems, and keeping the information live, updated and available for use."
The National Capital Region's first responders are open to identity management with a smart card, said Jim Schwartz, fire chief for Arlington County, Va. "Where we ran into some difficulty was in agreeing to the cost-sharing. There is an ongoing cost of maintaining" the system, he said.
Such problems in applying identity management tools to first responders are just starting to be addressed, and already there has been a request to exempt first responder radios from the HSPD-12 requirements, at least temporarily, to avoid the possibility of disrupting service.
Complying with HSPD-12 "could result in service disruptions and performance degradation for public safety officers and agents in the field," James Downes, chairman of the Federal Partnership for Interoperable Communications, wrote May 9 to Karen Evans at the Office of Management and Budget. The partnership is part of DHS' wireless management office overseeing federal wireless networks.
"To accomplish this implementation, more than 100,000 subscriber units and tens of thousands of wireless devices must be taken out of service and upgraded. This ... must be performed on fully operational systems that support real-time public safety tactical operations," Downes wrote.
To address the concerns, Downes asked OMB to recommend that the federal government, for an unspecified period of time, waive HSPD-12 authentication requirements for federal tactical wireless systems, particularly for land mobile radios used by first responders. Downes and DHS officials declined to respond to numerous phone calls requesting comment.
But granting such waivers won't necessarily bring first responders closer to a solution, AT&T's Wagner said. If additional investments in systems are made, the public safety agencies risk becoming further entrenched in legacy technologies that lack identity management tools.
"We support moving toward the standards," Wagner said. "As procurements go out, if waivers are granted, they should not be granted just to make things easy. They need to be balanced with the need to have a migration to implement the standards down the road."
In the National Capital Region, for example, federal grants have been used to create a cache of 1,000 new Land Mobile Radios, which can be made available in a crisis to any jurisdiction in the region. But the cache predates HSPD-12 standards.
Staff Writer Alice Lipowicz can be reached at email@example.com.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.