An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Computer logon changes set to improve security

  • Published
  • By Dennis S. Hernit
  • AFMC Communications Directorate; Policy, Plans, and Requirements Division
WRIGHT-PATTERSON AIR FORCE BASE, Ohio --  Logging onto a government computer will never be the same for most people starting in August thanks to tighter security measures taking place across the Department of Defense.

The changes are a response to ongoing attacks on government computer systems by organized groups, which are often outside the United States. AFMC will begin transitioning to the new logon procedure this month.

Once the new system is operable, people will have to use their Common Access Card and a PIN (personal identification number) to access a government computer.

"Information riding our networks is more valuable than ever, while the threats facing our networks grow in sophistication on a daily basis," said Lt. Gen. Michael Peterson, the Air Force Chief Information Officer, in an Air Force Times interview. "The simplest and most effective way to mitigate the risk is with smart card logon."

Requiring people to use their smart card to log on to their computers will add an extra layer of protection the DoD is looking for in a time when information security is so crucial.

"Air Force smart card logon (Common Access Card logon) is more secure than a traditional username and password logon because it requires two factors," said Daniel O'Neal, the director and program manager of the Air Force Public Key Infrastructure System Program Office, Lackland AFB, Texas. "The first factor is called 'something you have', the CAC. The second factor is 'something you know', your PIN. The current way we access a government computer uses two things we know from memory, a username and password. The username and password system can be easily compromised and easily stolen without a person even knowing it."

The focus on computer security is an extension of what Michael W. Wynne, Secretary of the Air Force, has been focusing on since he was appointed. In a Letter to Airmen in November 2005 the secretary introduced the new Air Force mission that included delivering options for defense of the U.S. "in Air, Space, and Cyberspace." The new emphasis on cyberspace is a result of continued threats and attacks on government computer systems.

In a February 2006 speech at an Air Warfare Symposium at Lake Buena Vista, Fla., Secretary Wynne discussed the Air Force's various projects with cyberspace technology. About using new technology and anticipating what an adversary may do, he said "our enemies, unfettered by the traditional constraints of distance, space, time, and funding, could strike us anonymously and lethally. Cyberspace is an important component of our plan. Its national boundaries and social/political divides are minimal barriers to operations, and anyone can become a peer competitor with the United States in this arena."

With an increased emphasis on protecting government information, the people responsible for operating and protecting the DoD's information grid, Joint Task Force - Global Network Operations, told the DoD to push up its plan for desktop, laptop, server and Web site security. One of the actions of this tasking was to implement the new logon procedures by the end of July 2006.

To satisfy the mandate, AFMC will implement SCL-only (smart card logon-only) base-by-base starting in April, and will continue through July, officials said. Tinker AFB, Okla., and Eglin AFB, Fla. are set to implement the changes no later than April 30.

"People should ensure their computers have a CAC reader installed, along with the ActivCard Gold software," Mr. O'Neal said. ActivCard Gold allows computers to communicate with software programs that are coded into the CAC's computer chip. People should contact their unit's client support administrator, formerly called the workgroup manager, if they need the reader or the software installed.

"People should also make sure their cards (CAC) are working properly," said Maj. Martin Solis, Chief of the Identity Management Branch at the Air Force Communications Agency. The process for checking CAC cards varies by base, officials said. Some bases may create a Web site that people can access to check their cards. Other bases may use email for people to send a CAC-signed message to a specific mailbox.

Another added security feature to the process allows a user only three attempts total to gain access to a government computer. When an incorrect personal identification number is entered three times, the CAC will have to be reset from a special workstation.

"CAC PIN reset workstations are already available on all AFMC bases," said Mr. O'Neal. "This will help people who have forgotten their PIN or put in the wrong PIN three times." A list of reset workstations is available from a link on the AFMC Web site. Unit client support administrators can assist those who need to find the nearest PIN reset workstation.

AFMC bases are preparing for the changes and getting people ready by individual and large briefings. More information about the new logon procedures can be accessed through a briefing on the AFMC and Air Force Public Key Infrastructure Web sites.

(Captain Paul Baldwin, Air Force Materiel Command Public Affairs, contributed to this article)