GLOBAL CHALLENGES

Identity and Access Management�Emergency Edition

Michael Steinhart | Date: 11-01-10 | Comments

Companies of all sizes have to authenticate their workers, both for physical access to the premises and for the data network. But what happens in case of an emergency, when outside personnel need instant access?

Table of Contents:

Identity and Access Management�Emergency Edition

When you report in to work each morning, chances are you swipe a security card over or through a sensor to get past the front desk, and you may swipe again to gain access to your company's office space.

But what happens in case of an emergency? How do rescue workers, firefighters, first responders or other personnel bypass these security measures when necessary?

A recent exercise, conducted by Northrop Grumman and the U.S. Department of Homeland Security's Federal Emergency Management Agency (FEMA), aimed to test the viability of a "global" identification and authorization system and identify areas for further study and refinement.

The Northrop Grumman exercise succeeded in coordinating access card credentials from emergency personnel representing state, local and federal agencies.

The demonstration, conducted earlier this month, showcased the ability to deploy a common, interoperable credentialing system that enables electronic identity authentication for government and industry personnel.

Using standardized personal identity credentials, the system worked across multiple domains and authentication infrastructures to deliver access management, situational awareness, cyber-secure communications and post-event reconstruction. Participants included federal, state, local and private-sector emergency response and recovery officials who are assigned to the front lines for rescue or recovery missions.

Keith Ward, director of Enterprise Security and Identity Management at Northrop Grumman, said the drill highlighted interoperability between newer security card systems and legacy card security standards.

Many federal entities have standardized on the Department of Defense's Common Access Card (CAC), Ward explained. Northrop Grumman itself, as a DOD contractor, has issued around 100,000 Personal Identity Verification (PIV) smart cards to its employees. In many of its office locations, Northrop Grumman has mutual aid agreements with state and local authorities as well. The purpose of the exercise was to prove that the latest CAC credentials could interoperate with legacy technologies like magnetic-stripe cards and even driver's licenses in an emergency situation, to authenticate personnel and provide them with physical and logical access where needed.

One of the scenarios simulated a collaborative incident at Northrop Grumman's shipbuilding facility in Newport News, Va. As first responders from the city, commonwealth and federal government convened on the site, their individual personal identity credentials were presented and read electronically at various authentication points for physical and logical access to the demonstration. These credentials included CACs, PIVs, PIV-Interoperable and First Responder Authentication Codes.

Next: One Card, Many Doors >>