recommended reading

Getting on Military Bases Is About to Involve FBI Background Checks

SOMMAI/Shutterstock.com

Members of the defense community, starting this Friday, automatically will be screened against the FBI's criminal database when they try enter military installations and pulled aside if the system shows an arrest, felony or outstanding warrant.

The new Defense Department tool is part of a larger, governmentwide effort to continuously vet people with access to secure facilities, following shootings at Fort Hood and the Navy Yard.

Identification smartcards issued to troops, veterans, relatives and other individuals permitted to enter military bases have long been checked against a DOD database before access is granted. But an instant FBI background check has never been part of the process.

Beginning this week, DOD's information technology system will tap the FBI’s National Crime Information Center system, Nextgov has learned. 

This linkage had been in the works for several years but took on renewed urgency after the Sept. 16, 2013, Navy Yard slaying. Gunman Aaron Alexis entered secure areas using a valid ID card, despite having an arrest record and a history of other infractions.

"This all comes back to the Washington Navy Yard process, which was a big deal -- but the real change that happened was the physical security community and the IT guys talked to each other and said, ‘You know what, it’s not a physical security problem; it’s an identity problem," said Michael Butler, deputy director for identity services at the Defense Manpower Data Center. "When you look at it that way, it completely changes the game." He was speaking Thursday evening at a Smart Card Alliance event

Butler said the accuracy of a trial run of the system, called the Identity Management Capability Enterprise Services Application, has been "stunning.” He declined to disclose figures on matches.

“On Aug. 8, the Identity Matching Engine for Security and Analysis will be functional for any installation with the capability to scan persons entering the installation and have implemented the IMESA interface with Defense Manpower Data Center,” Pentagon spokeswoman Lt. Col. Valerie Henderson said Friday in an email.  

IMESA will be operational on Air Force, Army, Marine, and Defense Logistics Agency installations that day, she added.

The measured rollout has more to do with policy issues than technological challenges.

In April, Pentagon top brass released an official memorandum establishing the right for IMESA to check FBI records. It states system users only can conduct searches against the FBI databases for "maintaining law and order" and for "crime prevention." IMESA will keep track of all users who query the database.

The tool will run an FBI background check regardless of "whether you are going to the commissary or to work," Butler told Nextgov during an interview. 

For example, he said, if a military employee is caught by police driving under the influence one night, that information will flow into the system, even if the employee fails to report it to DOD. The guard at the base will get a red flag, stop the employee from entering, and then law enforcement will study the situation further.

IMESA only has the ability to search FBI records right now, but the plan is to loop in law enforcement records from state and local jurisdictions eventually.

A November independent review of the Navy Yard incident recommended IMESA be deployed at all DOD facilities.

“The systems and processes for admitting cleared and uncleared personnel through the gates to DOD facilities are insufficient to ensure on-base security,” the report found. “Currently, each service is implementing its own automated system for its own facilities . . . We recommend the joint approach of the Identity Management Enterprise Services Architecture effort.”

An internal review conducted at the same time concluded the same. The Pentagon report advised officials “accelerate” development of IMESA “to enable DOD components to share access control information and continuously vet individuals against U.S. government authoritative databases.”

(Image via SOMMAI/Shutterstock.com)

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.