Heading for a biometrics defense appropriations? From the June 8, 1999 Congressional Record (Senate debate):
" Mr. BYRD. Mr. President, I have an amendment at the desk. The Department of Defense operates over two million separate computers and 25,000 distinct computer systems to conduct its mission. These computer systems are integral parts of a wide variety of Department of Defense (DOD) programs. Many of these programs are critical to the direct fulfillment of military or intelligence missions; but other vital activities also affected include command and control, satellites, inventory and transportation management, medical equipment, payment of checks, and personnel records.
"The Department is now becoming aware that attacks on these systems may be capable of significantly affecting our military power, just as surely as a direct physical assault. Experience with 'hackers' and DOD exercises indicate that defense systems, often globally-linked and readily-accessed, are vulnerable to unauthorized penetration of their information networks. Newspapers have been filled with reports in recent days about 'hackers' attacking the web sites of the FBI, the White House, the Department of Interior, and even the Senate.
"For example, I am told that by using unsophisticated 'hacker tools,' intruders are able to crack systems passwords, establish super-user status (network control), search for and turn on microphones or cameras on personal computers connected to the installation campus area network. Hackers may then capture intra-office conversations and live video and download it to their computers. A simple test of the microphone sensitivity revealed low-level conversations were easily heard from roughly thirty feet away. This is particulary critical in areas where classified and sensitive information is stored and discussed.
"The compelling need for controlling access to our Nation's vital information networks through computers becomes immediately evident when one considers just one battlefield scenario--the possibility that one of our important command and control outposts on the ground is overrun by hostile forces. Just imagine what leverage that would provide to a computer-sophisticated enemy. And, I am told that the Department has learned from its experience in Kosovo that this kind of a threat is not limited to major world powers.
"At the present time, the basic process the Department relies upon to protect its computer systems are some kind of card and/or passwords including random characters. Users often are required to have several such cards or passwords in connection with their work. This approach to information security has some serious drawbacks for the long run. Passwords can be forgotten, shared, or observed, and cards can be lost, stolen, or duplicated. Moreover, as the need for even more security grows with advancing technology, the situation will become more cumbersome and less effective. On the other hand, more sophisticated means are expected to become available to make unwanted intrusions, necessitating even more complex password and card systems. There is an emerging technology available to the Department that promises to provide a more effective information security system, and that is biometrics. Almost everyone is familiar with fingerprints. Fingerprints are a biometric signature. Others are voice,face recognition, the iris of the eye, and keystroke dynamics or typing patterns; and I understand there are others as well. With this approach, access to a particular computer or network of computers is controlled by comparing one or several biometric signatures of the person asking to use the machine, with a template on file in a central location that contains the biometric identification of the authorized user of that computer. There is no card. There is no password. The test is whether the potential user is who he or she claims to be. The system authenticates a claimed identity from previously enrolled patterns or distinguishable traits. I understand that in the commercial world there are some examples of biometric identification already in use. Some ATM machines, for instance, now rely on iris signatures to permit access rather than the familiar card we all carry.
"The Army has a particular interest in developing an effective control over the access to its information systems through computers, because of the far flung nature of its forces, and because its battle systems are becoming increasingly dependent on information networks.
"This bill already includes $5.0 million in the Other Procurement, Army, appropriation for an initial biometrics computer information assurance system prototype project. I understand that the Army has exhibited strong leadership in the exploration and development of technologies in the biometrics arena, and is a natural leading candidate to be considered as the executive agent in this work for the Department of Defense and perhaps the federal government. The amendment I am offering is intended to respond to the immediacy of the critical information assurance requirement of the Army, and to build on the Army's leadership role in biometrics technology. The amendment also builds on the biometrics prototype project to explore a more focused and synergistic effort to develop information assurance technology. Finally, it also builds on and anticipates a working relationship with the Criminal Justice Information Services Division of the FBI, which houses and operates the world's finest single biometric data base-- fingerprints. Specifically, my amendment provides an additional $10.0 million for an immediate assessment of biometrics sensors and templates repository requirements, and for combining and consolidating biometrics security technology and other information assurance technologies to accomplish a more focused and effective information assurance effort."
===============
Brad, I'll take that Wendell now.
|
