New SIPRNet smart card protects secure networks
By Staff Sgt. Brian Stives, Air Force Global Strike Command Public Affairs
/ Published April 19, 2012
BARKSDALE AIR FORCE BASE, La. (AFNS) -- Barksdale Air Force Base is evaluating a new smart card, known as a hardware token, on the Secret Internet Protocol Router Network, or SIPRNet.
"As we learned through the events of Wiki Leaks, we had a blind spot in protecting our classified networks," said Robert S. Jack II, Air Force Global Strike Command director of communications. "So at the DoD and national level, we have a national strategy and program to implement a Public Key Infrastructure hardware based authentication system on the classified network - hence the SIPRNet token."
Air Force Global Strike Command, along with members from select units and combatant commands, began using the new smart cards, as participants in DoD's SIPRNet hardware token Initial Operational Test and Evaluation. Similar to the common access card, the SIPRNet token contains individual PKI certificates used for network logon, Web site authentication and secure e-mail.
Similarities between the CAC and SIPRNet tokens exist--both are hardware tokens, cryptographically bound to your identity, and the card format is an exact duplicate. The differences between the cards are very pronounced, but not obvious to the average user, other than the fact the SIPRNet token doesn't have a picture, name, grade or service component listed.
"The card was created to get us to a state of security on our classified network where we do a predominate amount of our command and control work in the business to fly, fight win, in a much more secure and sustainable fashion than the login ID and password," said Jack.
The new token also helps the communication squadron's help desk area because everyone will have password and not have to remember multiple passwords.
"Life will be much easier with this token because users only have to remember an eight digit pin and it is one that is not required to be changed or refreshed every 90 days," said Jack.
There have been 1607 SIPRNet tokens issued at Barksdale AFB, or roughly 63 percent of the base. Some users have discovered issues with the cards as the roll out continued.
"We are going through and finding all of the infant problems associated with a new program and technologies and we did find some glitches," said Jack. "We found out that two of the technologies were like two ships passing in the night and not communicating, so we are working with the Air Force PKI and DoD program office to fix those."
The DoD-wide implementation date is December 2013, and AFGSC pushing hard to be the first MAJCOM to issue tokens to all its SIPRNet users, well ahead of the implementation date .
"I'm extremely proud to be part of AFGSC and the leadership here from [Lt.] General [Jim] Kowalski on down to the wings, they have been absolutely committed to doing this project," said Jack. "They understand the operational imperative because cyber is a contested environment and you don't have to go any further than today's newspaper to read the latest and greatest exploits of things happening to people, like identity theft, intellectual property theft or cyber crime, happening to people in the wild, wild world of the web. Therefore, this is our approach to dealing with it. This program comes with great benefits to the users."
The SIPRNet token will roll out to the rest of the command in stages. F.E. Warren Air Force Base, Wyo., and Malmstrom Air Force Base, Mont., will be in the second phase of rollouts.
"It is very much aligned with the fundamental precepts of safe, secure and efficiency in the management and oversight of the nuclear enterprise," said Jack.