“You say it’s your birthday. Happy birthday to you.” -- The Beatles
So it’s been six years since the nationwide First Responder Network Authority (FirstNET), an independent authority, was created as part of the Middle Class Tax Relief and Job Creation Act. It was a direct response to items in the 9/11 commission report which found that first responder communication in a disaster needed to work much better than it did on that day.
AT&T was chosen as the steward of this momentous project and, for the most part, has been doing a good job. There are, however, many “wires hanging out” when it comes to data and information sharing from federal agencies to the state, local and municipal first responders who bear the brunt of the work as “boots on the ground.” The network, it turns out, while important is not the hard part or the “last mile.” Not even the last 10 miles.
The first application level “plumbing” that needs to be “wired up” is trusted access. This starts with identification, authentication and finally, authorization. Luckily, the Department of Homeland Security (DHS), specifically S&T (Science and Technology Directorate) has been spending a lot of time, working with the National Institute of Standards and Technology (NIST) and NCCOE (NIST Cybersecurity Center of Excellence) to not only identify the components, or, ingredients if you will, but also some reference architectures and best practices … the recipe.
Here are the documents they’ve put together -- this represents a lot of work and thoughtfulness with regard to these important considerations:
- Identity, Credential, and Access Management (ICAM) Executive Primer Identity
- Credential, and Access Management (ICAM) Acquisition Guidance
- Identity, Credential, and Access Management (ICAM) Common Appendices
- Identity, Credential, and Access Management (ICAM) Implementation Guides
The last document is important (not just because it mentions Duo!) in that it’s really where “the rubber meets the road” and helps agencies (both federal and state, local and first responders) move quickly to address this important gap.
Solving this problem is not easy and the fact that the users are first responders (fire, rescue, police and their support community) means that the solution(s) can’t be hard. They can’t get in the way. This is truly “life and death.” So we need to strive to provide solutions that are frictionless, embedded and on top of all that, cost effective.
When it comes to spend for these folks (states, counties and municipalities), if choices and compromises have to be made, they would spend a dollar to buy a new piece of safety gear (eye protections, air filters, etc.) over a piece of IT infrastructure. As it should be. So we have to provide strong, transparent and cost-effective solutions. Folks like Duo, who maniacally focus on user experience, are the providers who can help fill these gaps.
I’d be a little remiss if i didn’t send a shout out to my friends at DHS, S&T and Christine Owen at Oasys for all of their (very) hard work putting these together.