IN THE BOARDROOM™ with...
Mr. Daniel J. Chenok
Vice President & Director,
Business Solutions and Offerings
SRA International, Inc.
www.sra.com
(NYSE: SRX)
SecuritySolutionsWatch.com: Thank you for joining us today, Dan. Let's
start with a brief overview of SRA and the services the company provides
to customers in the federal government.
Daniel J. Chenok: SRA is a leading provider of technology
and strategic consulting services and solutions - including systems design,
development, and integration; and outsourcing and managed services - to
clients in national security, civil government, and health care and public
health. The Company's 5,100 employees currently serve over 275 U.S. government
clients on over 900 active engagements from SRA headquarters in Fairfax,
Virginia, and offices across the country. FORTUNE® magazine has chosen
SRA as one of the "100 Best Companies to Work For" for seven consecutive years.
SecuritySolutionsWatch.com: Please give us an overview of your background and your role at SRA.
Daniel J. Chenok: I am Vice President and Director of
Business Solutions and Offerings (BSO). BSO is the cross-company matrix
that houses most of SRA's company-wide practice areas, including enterprise
architecture and portfolio management, knowledge management and information
sharing, business intelligence (data and text mining), wireless integration
services, infrastructure management (including enterprise systems management
and managed services), enterprise resource planning (ERP), and identity
management. We have experts, methodologies, services and products, marketing
and execution templates, and other elements that differentiate our offerings
in terms of value for the customer.
I also serve as the Chair of the National Institute of Standards and
Technology's (NIST's) Information Security and Privacy Advisory Board,
which advises NIST and the Office of Management and Budget and reports
to Congressional committees on emerging managerial, technical, administration,
and physical safeguard issues relating to information technology (IT)
security and privacy issues.
Prior to joining SRA in January 2004, I was the head of the IT policy
and budget branch of OMB.
SecuritySolutionsWatch.com: What are the key market drivers
for the Secure ID market at this time?
Daniel J. Chenok: The primary drivers in the Federal
space are Homeland Security Presidential Directive-12 (HSPD-12) from a
requirements perspective, and law and policy around security and privacy
from a compliance perspective. Specifically, HSPD-12 establishes a mandatory,
government-wide standard for secure, reliable forms of identification
issued by the Federal Government to its employees and contractors. This
Directive and its deadlines, established in policy by NIST, have set in
motion a significant increase in demand that has reshaped the ID market
around interoperable credentialing.
At the same time, HSPD-12 implementation must comply with the Privacy
Act, Federal Information Security Management Act (FISMA), and a variety
of related laws and policies designed to mitigate risk and promote user
confidence. In addition, the Real ID Act is forcing similar issues to
be considered in credentialing state drivers' licenses; and e-passports
are creating a focus on the same issues for international documentation.
As a result, the Secure ID market must address efficiency of use and
guard against misuse.
SecuritySolutionsWatch.com: What are the "interoperability"
issues in the Federal ID space?
Daniel J. Chenok: ID interoperability issues involve
translation of credentials across Federal domains. In simple terms, a
credential at the Department of Education should provide appropriate access
at the Department of Labor. Making this a reality involves complex issues
of law, systems design, and culture. HSPD-12 attempts to address these
issues through consistent card topology, but enough discretion is left
to the agency that cards may have subtle differences that render reuse
more difficult. An alternative approach, and one that SRA is developing
with the Department of Defense (DoD) and a variety of industry partners,
including EDS and Northrop Grumman, involves a federated approach to credentialing,
whereby multiple entities agree to a set of rules that enable them to
"trust" each other's credentials without requiring issuing new
cards or software-based tokens. This approach is the Federation for Identity
and Cross-Credentialing Systems (FiXs), a public-private partnership dedicated
to building and deploying a secure, interoperable identity and cross-credentialing
network.
SecuritySolutionsWatch.com: What about privacy issues?
Daniel J. Chenok: Privacy issues in the Federal market
are significant. Recent publicity around data breaches and laptop thefts
demonstrate that if the Government gets privacy wrong, whether by perception
or reality, the impact can go well beyond a commercial model in terms
of public and Congressional scrutiny. SRA uses a specific methodology,
known as PILLAR, which incorporates privacy into every aspect of the systems
development life cycle, giving our clients the advantage of building privacy
into ID and other applications up front, rather than implementing reactive
and more costly solutions after incidents occur.
SecuritySolutionsWatch.com: Without divulging any proprietary
or confidential information, of course, are there one or two SRA success
stories you would to talk about?
Daniel J. Chenok: Our work with the FiXs consortium
has created a path for Federal and state agencies, contractors, and even
commercial entities, to enable large numbers of credentials to be interoperable
and secure, in a way that preserves privacy and security at the appropriate
level. The FiXs model is scalable and available; in fact, SRA is the first
entity that will receive FiXs credentials, and these will be consistent
with both HSPD-12 and DoD policy (FiXs grew out of a DoD program of credentialing
interoperability).
SecuritySolutionsWatch.com: You recently presented at the
Advanced Identification Systems Conference. May we have an overview of
the key issues and trends you addressed?
Daniel J. Chenok: I discussed the Federal direction
for identity management, the various approaches that SRA is taking to
address the market, and key elements that the industry can provide to
help solve problems that agencies face.
SecuritySolutionsWatch.com: Thanks again for joining us.
Are there any other subjects you'd like to discuss?
Daniel J. Chenok: I see a bright future for the secure
ID market. SRA and other systems integrators are developing secure ID
technology to respond to the increasing demand in this market. We look
forward to working with our customers and partners going forward to provide
value in addressing these issues of national significance.
|