Program to Aid Registry
of First Responders"> In contrast, the Tiers of Trust cards, named Emergency Management One cards, will cost $10 each for those who register as first responders with the consortium. Consortium member HID Global is also offering a compatible line of FIPS 201-approved access control readers. For its part, Secure Network Systems, of Denver, is giving the contact reader software away. Tiers of Trust is set up for first responders to be implemented in graduated privileges based on identities. Identification credentials are created with free access to SNS software and then can be implanted on contactless smart cards using the mandatory FIPS 201 fields of the FASC-N (Federal Agency Smart Card Number), CHUID (Card Holder Unique Identifier) and expiration date."Right now, it is cheaper to rebuild everybodys house rather than to give first responders a smart card," Jon Callas, chief technology officer and CSO of PGP Corp., said in a statement. "Tiers of Trust is changing this." Hernoud herself was a first responder in the wake of Hurricane Katrina. On Sept. 2, 2005, her home state of Colorado began to receive hurricane victims. That turned out to be the beta test for the Emergency Management One cards, as SNS issued IDs on demand to hurricane survivors who were showing up with nothing to establish their identitiesno drivers licenses, no birth certificates, nothing. In that instance, the Colorado Bureau of Investigations checked fingerprints before cards were issued. The cards were then used by hurricane survivors to be reunited with family, to ride buses or to open bank accounts, for example. Were the system and cards to be used at a disaster scene by first responders, this is how it would look, Schmidt said: A command post would be set up by a local organization, typically a police department. When a first responder unit shows upsay, a firefighting or Red Cross unitthe first responders would register with whatever ID they have on them, such as a drivers license. A FIPS-compliant card would then be quickly issued to the first responders: 55 seconds was the time it took in the Hurricane Katrina scenario. The card would enable access in and out of the command post and would be used to track a first responderto a particular building, for example, or if the first responder were to be deployed to another location. Another crucial piece of information on the card would be qualifications. That way, a cardiac nurse wouldnt be inadvertently assigned to picking up trash, for example. Eligibility in the program is limited to registered first responder organizations in the United States or its territories. That includes fire, law enforcement, hazmat, rescue and public health organizations; and private sector utilities, communications and transportation companies. The highest-ranking official has to sign off on the programa policy thats meant to discourage turning the program into a skunkworks project without sanction, Schmidt said. "Notwithstanding the resources [already] put into it, theres still an issue of [limited] resources" available to make the program a reality, he said. Therefore, the first 400 organizations that come forth will be prioritized, he said, given that "its a bandwidth issue." First responder organizations can get more information and sign up at www.tiersoftrust.com or www.fips-201.com starting Sept. 11. The sites were not yet live as of Sept. 10.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
Besides affordability, flexibility is key. HSPD-12 specifies a step approach to credentialing criteria, from least to most secure, to ensure flexibility when dealing with unpredictable disaster scenarios. The Tiers of Trust program addresses this by first tackling the needs of first responders, not all of whom will ever need physical access to federally controlled facilities or networks, for example. This flexible approach also helps to save money.