RealTime IT News

Tiers of Trust To Offer IDs In a Crisis

When disaster strikes as it did on 9/11 and Hurricane Katrina, first responders need to get to the scenes as fast as possible. It's also imperative that the authorities know who is there and what their skills are.

Actually providing access credentials in a timely manner to first responders has been an expensive endeavor but one which the newly formed Tiers of Trust consortium aims to alleviate.

The Tiers of Trust consortium is headed by former U.S. Cybersecurity Advisor Howard Schmidt. The consortium is working with security companies including HID Corp., SNS (Secure Network Systems), PGP, OMNIKEY, Catcher, SCM Micro, TX Systems and Clear Government Solutions. Consortium members provide the technology from smart card readers to writers to encryption software that create, enable and manage FIPS 201 (Federal Information Processing Standard 201), compliant smart cards.

"One of the problems we've had is people who were authorized to be at sites that could not get there," Schmidt told reporters during a conference call. "Or in some cases and tragically so, some people had been on site and then become victims themselves and it was difficult to identify who was there and what they were doing."

In the wake of 9/11, the federal government came up with FIPS 201, which mandates that federal agencies use digital smart cards to verify identity of emergency workers. Schmidt explained that FIPS 201 provides an opportunity to close the gap on identification and the reliability of those that need to be there. The skills of first responders can be listed as part of FIPS 201-compliant smart card.

"We're not disparaging the efforts of volunteers with good intentions. It's just that you may have someone who isn't qualified misdirected to someone that really needs a certain skill set," Schmidt said.

Member of the Tiers of Trust consortium are pledging to make it easier, more flexible and cheaper for local jurisdictions to issue FIPS 201-compliant smart cards to first responders.

Schmidt explained that, for example, in a disaster situation a command post would be where the Tiers of Trust smart card would be deployed. This way, when first responders show up with current identification, they could get their FIPS 201-compliant card and use it for access in and out of the command post as well as other secured areas.

The cards could be granted on site or they could be pre-issued to first responders. The true test of the system, according to Schmidt, will be how well and how quickly it can be rolled out when disaster actually strikes.

The U.S. Government hasn't formally backed the Tiers of Trust consortium, but it isn't opposed to it either.

"When the federal government says you must be FIPS 201 compliant, I haven't see any one say some people can do it and some can't as long as you're compliant and doing what they need to do. I don't see why there would be any objections," Schmidt said. "It's up to local jurisdictions to decide how to implement and whether they go with a consortium like this or hire a large integrator to do the same thing."