Military sites are critical facilities where staff and personnel need to be well protected. Access control, thus, becomes very important. This article discusses some of the access control technologies and solutions commonly in use at military sites.
Military sites are critical facilities where staff and personnel need to be well protected. Access control, thus, becomes very important. This article discusses some of the access control technologies and solutions commonly in use at
military sites.
Military sites house soldiers and military personnel who are important to the country’s defense and wellbeing. These sites are often subject to physical/cyber breaches or attacks. For example, earlier this year, a man gained access to the housing area of Joint Base Andrews, home of Air Force One and one of the U.S.’s most sensitive military bases. A resident of the base opened fire at the man, who was then arrested at the scene.
“Military sites are very large and distributed facilities, similar to a small town and a lot of people need to enter and exit each day. The volume of people entering in mornings is very high and people need to move through very quickly. An additional challenge is most people entering are in a vehicle as parking is typically inside military facility,” said David Smith, CEO of Identity One.
Access control solutions used
This is where security, especially access control, plays an especially crucial role. It can effectively authenticate and grant/deny access to individuals or vehicles going into the site. That said, below are some of the access control technology and solutions commonly used at U.S.-based military facilities.
Cards
According to Smith, all enlisted personnel are issued a Common Access Card (CAC). “CACs have all the elements of a PIV card and additional data related to base location, rank and paygrade. A CAC contains an enlisted members’ face photo and fingerprint template,” he said. “A military base will often also issue access control cards for specific local access. The technology ranges from simple proximity cards to encrypted and secure MiFare Desfire EV3. The decisions on which technology to use is made by the base commander.”
Biometrics and multifactor authentication
Increasingly,
biometrics are used as a means for authentication at various end user entities. Military facilities are no exception. According to Smith, the most common biometric used at military sites is fingerprint, as a fingerprint template for matching is stored on the CAC.
When cards and biometrics are used individually, they can already play an effective role at military sites. Yet there are certain sites that are especially critical and require even stronger protection. In this situation, the site commander may opt for multifactor authentication, which uses a combination of access control factors to vet people.
“The level of assurance is based on the infrastructure and/or information being protected. The first tier of assurance is card only with CAK authentication. Put simply, this is ‘something you have’ and certainty the ‘something you have’ is authentic and has not been tampered,” Smith said.
“The second tier of assurance is card + pin with PIV authentication. Additional assurance is added by the cardholder having to enter the PIN prior to PIV authentication being able to be completed. Put simply, this is ‘something you have and something you know,’” Smith continued. “The third and highest level of assurance is card + pin + biometric and PIV authentication. This level has all the validation and assurance of level 2 with the addition of the fingerprint template or face photo (biometric) read from the CAC and verified against a live acquisition. Put simply, this is ‘something you have, something you know and something you are.’”
Mobile access has yet to catch up
Mobile credentials are increasingly deployed at end user entities, where users can use their mobile device to authenticate. However, this trend has not yet caught up at military sites. “Mobile credentials are not yet widespread within military sites. There is some concern about the ability of IOS devices and Android devices to be compromised,” Smith said.
As an example of military site access control deployment, Smith cited the
successful testing of Identity One’s joint solution with Convergint Federal for a North Carolina military facility, which expressed a need to register CACs into an air-gapped AMAG physical access control system (PACS). Using FIPSlink from Identity One, the Convergint Solution enables the AMAG PACS the opportunity to validate, authenticate and register a PIV, PIV-I and/or CAC, in addition to providing one, two or three-factor authentication. Further, Convergint’s integrated solution together with Identity One’s FIPSlink software ensures the facility’s ability to become fully FICAM compliant when requirements change.
Smith stressed that US Armed Forces do not specifically require FICAM compliance for access control systems. However, FICAM compliance is encouraged. “The decision on how far into FICAM compliance the military facility should go is made by the base commander,” he said. “Relationship and proximity matters – a lot of decisions are made locally but must operate within guidelines that are broadly defined.”