Smart card technology has come to the IDF, in the form of a new electronic ID card that officers, and eventually soldiers, will use to get into army bases and log onto IDF computers. The new system, according to Major Oren Mincha of the IDF’s C4I Corps, who is responsible for a wide range of information technology, will save the army money and increase security by giving the army more tools to ensure proper cyber-defense of its computer systems.
“It’s important to point out, however, that we did not institute this system in response to a specific incident,” said Mincha. “We did not have a security breach that prompted installation of a whole new security system. This changeover has been in the works for several years, and after the corps developed the technology for all the security protocols the army wanted, it was decided that it was time to implement it.”
Nowadays, in order to get onto an IDF base, soldiers must present their IDF identification card. Newer cards are credit-card sized (formerly, they came in the form of a passport-sized booklet) with a smart chip that includes the soldier’s personal details, security clearance, etc. Soldiers who work in computer units, or otherwise have to access IDF systems, were issued another card that they needed to swipe at computer terminals in order to log on. Officers had a third card that they used to access certain offices and facilities, depending on their security clearance.
Keeping track of two or three identification cards proved to be a hassle for some soldiers. Although he would not confirm that this actually ever happened, “we could foresee a scenario where an officer who was working on a computer system would step out for lunch and not bother to log out, figuring he would be back in a few minutes,” said Mincha. “That, as far as we are concerned, is a security breach. Requiring the soldier or officer to take his card with him to access other facilities will necessitate his logging out of the system, so having a single card to access everything is more foolproof.”
And riskier, perhaps?
If hackers manage to break into the IDF’s card database, they will be able to use identification information to access not just some systems, but all systems, said Mincha. “That’s a problem on the army’s side of the system, and we have very effective cyber-defense programs to prevent hackers from reaching any of the databases. The new card is for convenience and increased cyber-security from the soldiers’ side of the equation.”
Having a single card will make it easier for the army to track the movements of soldiers, so that if an anomaly is noticed — such as if a soldier is logged onto a computer system at the same time he is accessing a facility elsewhere — tracking down the reason for the anomaly will be easier.
In addition to the card itself, soldiers are issued a PIN number, which they must enter in order to access some facilities. “Thus we have a two-tiered security system, a model that has proven to be successful in other areas, such as in banking,” Mincha said.
But banks have been using this two-tiered security system for years; where has the IDF been? Although, said Mincha, the technology for the card and ID system was developed by the army itself, it could have easily used off-the-shelf smart card technology. “But we added many other enhancements to the security that are not available elsewhere,” he said. “One reason we waited so long to implement what appears to be old technology was to ensure that those enhancements were in place.”
There is a fundamental difference between security in the army and security in a bank. “If someone steals your credit card and uses it to charge things in your name, the bank has insurance to cover your losses,” said Mincha. “We in the army don’t have any insurance, and we can’t afford to allow any losses at all. Banks can afford to be reactive; we have to be proactive.”
Even if a system appears to be “old,” he added, “you can be sure that it has been tested and vetted from all possible angles. Our two-tiered security method is a lot more secure than the bank’s, I can assure you.”