HSPD-12: An Exercise in Teamwork

Security Industry Association (SIA)

I remember when Homeland Security Presidential Directive (HSPD) 12 was first published on Aug. 12, 2004. This directive by President George W. Bush called for a governmentwide personal identity verification (PIV) standard for access to federally controlled facilities and networks.Industry was eager to assist in providing the latest security solutions for what could become a significant new market, creating demand in the much larger private sector as well.

The Security Industry Association (SIA) teamed up with the Smart Card Alliance to educate our members. Hundreds came together, including government officials, as we all sought to fully understand the impact the new PIV card would have on our businesses, product designs and future operations of security systems. We all pulled together to help achieve the critical homeland security objective of HSPD-12.

However, we got off to a rocky start. First, industry learned that the established ways of multifactor authentication, biometrics, contactless radio frequency identification, rapid throughput and integrated physical security were out. Public key infrastructure (PKI) was in. Of course, industry welcomed new technology for enhanced security, and was often invited to appear on the stage to present our issues at workshops held by the National Institute of Standards and Technology (NIST). A few of us participated in the GSA Evaluation Program Technology Working Group (EPTWG).

But as we worked to explain the nuances of effective physical security to various bodies of government including NIST, GSA’s Evaluation Program and others, we struggled to ensure the implementation of HSPD-12 was informed by industry expertise.

In April 2009, I testified before Congress on these issues, representing SIA. The room was packed and the press was covered the hearing. Instead of partisan posturing, the chair and ranking member together challenged the government officials responsible for development of PIV cards to resolve issues and get them deployed ASAP—in the interest of national security.
Industry continued to work together. Our various groups such as SIA’s PIV Working Group, which I chaired, offered comments on FICAM and NIST Standards and Special Publications. Little by little, our input was received and understood.

The public and private sectors are all on the same side and want better security. Although we were always provided with an open forum and were welcome to present our latest technologies, standards and lessons learned, a real breakthrough finally came with the reformulation of the GSA EPTWG, oriented around FICAM. Our input was taken seriously, and we began to collaborate in achieving common goals.

Now government is listening to industry more on issues like contactless, biometrics, mobile, fast throughput and others that make PIV effective in physical security systems. While implementation of HSPD-12 has yet to be fully completed, success is ultimately achieved by people—not technology—and providing greater security for our nation happens with the right teamwork.

On its 10th anniversary, congratulations to all involved in in the formulation and implementation of HSPD-12.

The views and opinions expressed in guest posts and/or profiles are those of the authors or sources and do not necessarily reflect the official policy or position of the Security Industry Association (SIA).