Robert Brandewie, recently retired Director of Defence Manpower at the US Department of Defense, spoke candidly about his experiences over the last five years in successfully implementing smartcard technology in a broad ranging interview with Intermedium. Mr Brandewie has recently been appointed Senior VP Public Sector Solutions for Actividentity and was a speaker at the Focus on Business conference in Canberra.
Mr Brandewie says that the smartcard marketplace had come a long way. This is a good time to take up the use of smartcards, he said. “The smartcard market was very immature in 2000. Standards are now a lot clearer and there are a number of good case studies to guide particular implementations. US Defense had to deal with a lot of new issues throughout the project”.
Mr Brandewie cautions that this is still a maturing market. Any smartcard strategy that is implemented now must be able to accommodate changes over time, he said. The US Personal Identity Verification (PIV) standard FIPS201.is a good standard, but he doesn’t expect it to be the end of the story.
According to Brandewie, the international standard (ISO) ISO24727 currently under development will see many useful innovations.
He believes we may need to wait up to two years for the ISO standard to be ready for widespread implementation. He offered the following advice to organisations planning to implement smartcard-based strategies:
- Stick with open standards and don’t take up proprietary solutions. This will not only guard against vendor lock-in but also position organisations in the main stream of development to take advantage of interoperability with other facilities as they become available.
- Expect changes to the software and architecture over time, so implement smartcard strategies that can accommodate change without requiring a wholesale recall of cards.
- Keep an eye on ISO24727, but for the moment view it as work-in-progress.
- Don’t underestimate the cultural change issues, or the potential business benefits that smartcards can offer.
- Expect that interoperability will not be as seamless as in other parts of IT infrastructure just yet.
On the question of “contact” vs. “contactless” smartcards, Brandewie saw general movement in the marketplace toward contactless cards. US Defense initially set out using contact cards but converted to contactless due to the strong business case primarily driven by savings in transaction times and other advantages, such as greater flexibility in locating smartcard readers, and less wear-and-tear on the cards themselves.
On balance, this is the right time to implement smartcard projects, according to Brandewie. “The market has come a long way in the last five years. It still has a long way to go, but it would be a mistake to sit back and wait. It would be just like sitting back and waiting for the Internet to mature” he said.