
CAC Log-on to Increase Network Security
Navy NewsStand
Story Number: NNS060615-20
Release Date: 6/15/2006 3:43:00 PM
From Naval Network Warfare Command Public Affairs
NORFOLK, Va. (NNS) -- The Navy/Marine Corps Intranet (NMCI) is proceeding full speed ahead with the switch to Common Access Card (CAC) log-on for most users of its network. NMCI passed the 70 percent completion mark June 15 by converting more than 400,000 of its users to mandatory CAC log-on.
The use of a CAC and PIN replaces the traditional username and password, and will be enforced for all but selected users. NMCI is the first of the Navy’s networks to convert its users to a more secure log-on process.
“Our goal is to have the NMCI network completely transitioned by July 31st,” said Cathy Baber, Information Assurance lead for Naval Network Warfare Command. “At our current rate, we’re anticipating a complete transition of NMCI before our target date.”
The Department of Defense’s Joint Task Force - Global Network Operations mandated the switch to CAC log-on as part of its information assurance (IA) strategy for protecting its information and networks.
The CAC makes possible the cryptographic log-on, also called CAC log-on, or even CLO. Cryptographic refers to the “crypto key,” the information in the CAC’s chip that verifies a user’s identity. The stored information allows the users to prove their identity by entering a six- to eight-digit PIN after inserting their CAC into a card reader connected to their computer.
CAC log-on is part of the overall network defense strategy known as “defense-in-depth.” The term originated from ground warfare tactics where one’s troops were placed at varying distances inward from the front line, rather than have everything up front at the same time. By spreading the troops in layers, the enemy has to penetrate more than one front, and runs the risk of becoming trapped if it gets in too deep.
Just like on the battlefield, CAC log-on provides that extra layer of protection, in this case, at the level of the individual user, the most important layer of the “cyber security force.”
“The end users are the consumers, gate guards, the weak points,” said Chief Cryptologic Technician (Maintenance) Ken Drummond, IA manager for NETWARCOM. “If someone isn’t following procedures, having a bad day or forgets something, an opening could be created through which an adversary could take advantage and enter the network.”
Drummond said that CAC log-on takes that variable out of the equation by forcing the user to prove who they are with multiple factors.
“Before, when you typed in your username and password, those two together were something you know, but not something you have,” Drummond explained. “Even then, it was easy to figure out someone’s username – first name, last name – then all you needed was the password. And with e-mail, everyone assumed it came from you since it had your name on it.”
Drummond added, “Now with CAC log-on, you can digitally sign an e-mail, which gives the recipient [assurance] that the e-mail is authentic. CAC log-on authenticates the user by verifying what they have (the CAC card) and what they know (their PIN). What CAC log-on gives us is increased confidence that, without hesitation, that e-mail did in fact come from whoever it says it’s from.”
That, he said, is how the use of a CAC adds extra “depth” to network security.
After three incorrect log-on attempts, the card becomes “locked” and must be reset at the local personnel office. Before the card can be unlocked, users have to provide information about themselves, decide on a new PIN, and provide another fingerprint.
Transition to CAC log-on by the Navy began May 22. Full implementation across all of the Navy’s main networks is expected by 2010.
For related news, visit the Naval Network Warfare Command Navy NewsStand page at www.news.navy.mil/local/nnwc/.