NCCoE Studies Authentication Sign-On Technology for Law Enforcement Vehicle Computers

New Project Aims to Improve Officer Safety, Reduce Risk to Sensitive Databases and Systems

The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), is exploring technology that can help vehicle-based law enforcement officers securely and quickly access multiple software applications and databases. A faster authentication process could provide immediate access in dangerous circumstances—and while a vehicle is in motion.

On Sept. 12, the NCCoE released a draft description of the project, “Authentication for Law Enforcement Vehicle Systems.” The National Cybersecurity Center of Excellence will accept public comments on the draft project description until Oct. 12.

The NCCoE research will address two scenarios: the officer sign-on at the start of a shift and the automatic deactivation of the session that occurs when an officer exits a law enforcement vehicle.

In the current technology-rich work environment, an officer’s daily tasks require the use of a diverse suite of applications, each with a separate set of login credentials. The absence of an integrated authentication mechanism can affect security and the law enforcement mission. When leaving a vehicle unattended, an officer is forced to choose between logging out of sensitive systems—potentially increasing response time—and remaining logged into those systems—decreasing security. Even the simple action of typing in complex passwords locking or unlocking a laptop screen, for example, can impede an officer’s ability to confront an approaching suspect.

An integrated reduced sign-on (RSO) approach enables multiple applications to share a single user authentication action, eliminating the need for the user to log in more than once. The NCCoE project will demonstrate the integration of identity and authentication technology—such as proximity, biometrics and tokens—with readily available reduced sign-on tools.

The draft project description was developed after conversations with the Montgomery County Police Department, an NCCoE project collaborator, as well as other law enforcement agencies. The department provided a police car and related technology to be used in the creation of an example cybersecurity solution.

The research will use commercially available, standards-based security products in a representative architecture to be built in the NCCoE laboratory. The architecture will include all necessary back-end systems to support authentication, a computer-assisted dispatch system or mock-up to support case management, e-ticketing, and other representative applications an officer would typically access during day-to-day operations.

The project will result in a publicly available NIST practice guide that will provide a detailed look at the practical steps required to implement this important technology security reference design.

The NCCoE is accepting public comment on the project description for “Authentication for Law Enforcement Vehicle Systems” until Oct. 12. Comments will be accepted online and through email.