DOD wants to improve multi-factor authentication around the world — not just at the Pentagon

(Getty Images)


Written by

The Defense Department has painted a grand picture for the future of biometric-based multi-factor authentication.

The end goal isn’t that the eventual technology will be used just for warfighters and Pentagon personnel. The military wants to the rest of the world to benefit from advances in digital identity assurance, a senior defense IT acquisition official said, and the DOD needs outside help to get there.

“It’s a partnership. We can’t do it ourselves,” Terry Carpenter, service development executive for the Defense Information Services Agency, said at the Juniper Networks Government Innovation Forum. “Industry is leading innovation in a lot of places. How we put it all together for the warfighter is some of our joint challenge.”

DOD’s vision for identity assurance, led by DISA, is something that just a few years ago would’ve seemed possible only in movies. DISA wants authentication that isn’t just multi-factor and biometric-based (goodbye, CAC, the common access card). It wants a continuous process, one relying on a plethora of data from sensors that constantly collect and analyze various user behaviors and context. That unsurprisingly includes commercial facial recognition, iris scans, fingerprints and more, but it could also leverage things like locational patterns, gait, speech and keystroke rate.

The rest of the world can benefit from this push for enhanced authentication, the DOD says, even people who never touch classified information.

“We at DISA view that not as a DOD problem. This is a global problem. This is a U.S. citizen problem,” Carpenter said. “How do we help make sure that innovation is not just DOD buying innovation for DOD but it’s all of us collectively putting our innovative resources together to solve the problem for all of us. I personally would love to not have a password for everything I do at home.”

He added: “This is important not just for DISA, but it’s important for all of us to solve as we push technology to the next level.”

Part of DOD’s strategy is to bring in more partners that it doesn’t traditionally do business with through the other transactional authority (OTA), which allows the department to more rapidly fund the research and development of innovative prototypes. Thanks to an added enhancement to that authority, the Pentagon can additionally now move prototypes forward with additional funding for larger production for field use, like a recent contract for endpoint security.

Instead of setting rigid requirements for what it thinks it needs, this authority allows the DOD to partner with private innovators to test for and co-create what it really needs in smaller stages before any larger and riskier investments.

“There’s a lot of good stuff coming out of this idea of let’s change the way in which we’re having the dialogue,” Carpenter said. “Let’s talk about the need and then figure out together how to write the scope of work to solve that problem. And let’s change the game.”

-In this Story-

Department of Defense (DOD), DISA, identity and access management (IAM), multi-factor authentication, Pentagon