Events, news, technologies and products about cyber security
Tuesday, March 18, 2014
[defensesystems] Enemy ID: How DOD uses biodata in the field
Thirty years ago, it was still largely the stuff of sci-fi, and overwhelmingly limited to fingerprints. But biometric security today is quite real and evolving well beyond inky ’prints alone. At root is capturing peoples’ unique physical characteristics: their biodata.
Iris, scent and subway explosive-trace detectors are taken very seriously. Military planners, like their civilian infrastructure and homeland security counterparts, use video-linked “behavioral recognition analytics,” leveraging base protection and counter-IED operations.
Some companies flog web-cam analysis, others, “gait recognition” — that is, individuals’ walking patterns. Cheek swabs yield DNA. Voices and lip movements are analyzed.
Interest in biometrics is rising on several fronts, spurred by a growing list of security catastrophes. One is vulnerabilities exposed in 2011 with Defense Department contractors’ SecurID Common Access Cards. Passwords for 100,000 of them had to be changed. Revelations from Edward Snowden and Chelsea Manning profoundly deepened everyone’s concerns.
Hence, DOD enterprises are moving increasingly to bio-identification and authentication solutions, all under the construct of Identity Dominance.
Enabling this is DOD’s Next Generation-Automated Biometric Identification System (NG-ABIS). Its executive agent, DOD Biometrics, under the auspices of the Army Program Executive Office-Enterprise Information Systems, dubs it “the central, authoritative, multi-modal biometric data repository.” To date, its focus has been on collection biodata on terrorists, insurgents and other potential adversaries.
The multimodal SEEK II can capture dual iris scans as well as fingerprint and facial scans.
Army Col. Sandy Vann-Olejasz, ABIS’ program manager, told Defense Systems that the system is used to “maintain biometric signatures [physical traits] on known or suspected terrorists, and third country nationals [seeking] employment with the U.S. military.” Matches with U.S. agencies’ or allies’ databases move “enrollee” or detainee names to a known or suspected terrorist watch list. Biodata also is employed for cleared access for non-U.S. citizens at some U.S. military installations abroad.
The single locus of ABIS is Clarksburg, W.Va., and the capability is used to support missions in numerous locations, Vann-Olejasz said. Only the globally linked biometric collection devices are deployed to theater. Built around digital cameras, they’re bread-loaf sized.
The system comprises several reconfigurable pieces: a hand-held multimodal device such as the SEEK II (Secure Electronic Enrollment Kit), a laptop computer with ID-processing software; traditional 10-roll fingerprints (inked or scanned); palm, iris and facial scans; and the information repository. The last is a burgeoning trove of physical data on extremists, terrorists, insurgents and “persons of interest” here and abroad.
The laptops connect to servers ensuring regular updates of vital biometric records. Because it’s “central,” the system can be employed by and integrated with databases of other uniformed branches, as well as homeland security, law enforcement and other federal agencies. For instance, ABIS melds with the FBI’s Integrated Automated Fingerprint Identification System (IAFIS) and the Department of Homeland Security’s IDENT System. Access speeds are said to be near instantaneous. ABIS performs many tasks: assisting intelligence and counterintelligence operations, Iraqi and Afghan security force screening, detainee operations, and post-IED incident exploitation; presence operations, local population control, seizure operations, and base access control.
ABIS is an important step forward in combating known terrorists, chronicling “might-bes” and dissuading others. But it’s not without challenges.
A bugbear in any relatively new system (this one dates to 2005), as with military communications writ large, is interoperability. ABIS communicates with other vast biodata repositories at play across branches, agencies and continents. (Certain U.S. allies share data.)
And while such interconnections are relatively smooth, Vann-Olejasz acknowledged that, “seamless interoperability continues to be an ongoing effort.” That echoes a finding in a General Accountability Office biometrics report from 2012 stating that sharing was insufficient.
GAO last June also questioned ABIS’ efficiency and management. Among other lapses, the report said there was “no published date” for biometric enterprises’ activities, and little “guidance on how DOD components are to collect and report their budget data.”
Another issue is the system’s multimodal biodata capture devices. Vann-Olejasz acknowledged technical downsides to the do-all technology, but said, “All-in-one devices are designed for portability – lightweight and ruggedized – which means they’re usually self-contained and cost more.”
The investment in portability is a “trade-off to technical obsolescence,” she said. The hardware is “typically not upgradeable to newer biometric technology,” such as replacing the fingerprint platen to reduce weight or improve image quality.
That applies as well to processors and memory needed to handle an increasing overhead of cybersecurity tools and operating system changes.
Rather, “improvements that can be made to extend the lifecycle of a handheld device are [limited to] software improvements providing better algorithms, faster transaction management and improved workflows,” she pointed out.
Conversely, these downsides don’t diminish “the critical need for a multimodal portable biometric capability,” Vann-Olejasz said. “By collecting [multiple] biometrics you increase the likelihood of a match with the authoritative database which may only have one fingerprint or only irises associated with an identity; ultimately increasing the probability of identifying a person of interest.”
As well, redundant captures for iris, palm, fingerprints and so on can be useful in capturing persons of interest. “If we enroll the same individual at numerous sites during many incidents, it triggers action to connect the dots and appropriate action is taken.”
The enemy, Vann-Olejasz said, will always try to find a way to get around force protection measures. “Fortunately, biometrics is an evolving field and takes away the anonymity of the enemy,” she said. “Biometrics is expanding into many aspects of our environment i.e., force protection, ID cards, cell phone user authentication, hospital registrations, etc.”
As it does, “we strive to keep ahead of countermeasures and contribute to security across the full spectrum of military operations.”
And those compromised DOD Common Access Cards? At last check, studies were underway for new biometrics-based CACs. Biometrics in, passwords out?