Boardroom
SRA International

In The Boardroom With...

Mr. Daniel J. Chenok
Vice President & Director,
Business Solutions and Offerings
SRA International, Inc.
www.sra.com
(NYSE: SRX)


SecurityStockWatch.com:
Thank you for joining us today, Dan. Let's start with a brief overview of SRA and the services the company provides to customers in the federal government.

Daniel J. Chenok: SRA is a leading provider of technology and strategic consulting services and solutions - including systems design, development, and integration; and outsourcing and managed services - to clients in national security, civil government, and health care and public health. The Company's 5,100 employees currently serve over 275 U.S. government clients on over 900 active engagements from SRA headquarters in Fairfax, Virginia, and offices across the country. FORTUNE® magazine has chosen SRA as one of the "100 Best Companies to Work For" for seven consecutive years.

SecurityStockWatch.com: Please give us an overview of your background and your role at SRA.

Daniel J. Chenok: I am Vice President and Director of Business Solutions and Offerings (BSO). BSO is the cross-company matrix that houses most of SRA's company-wide practice areas, including enterprise architecture and portfolio management, knowledge management and information sharing, business intelligence (data and text mining), wireless integration services, infrastructure management (including enterprise systems management and managed services), enterprise resource planning (ERP), and identity management. We have experts, methodologies, services and products, marketing and execution templates, and other elements that differentiate our offerings in terms of value for the customer.

I also serve as the Chair of the National Institute of Standards and Technology's (NIST's) Information Security and Privacy Advisory Board, which advises NIST and the Office of Management and Budget and reports to Congressional committees on emerging managerial, technical, administration, and physical safeguard issues relating to information technology (IT) security and privacy issues.

Prior to joining SRA in January 2004, I was the head of the IT policy and budget branch of OMB.

SecurityStockWatch.com: What are the key market drivers for the Secure ID market at this time?

Daniel J. Chenok: The primary drivers in the Federal space are Homeland Security Presidential Directive-12 (HSPD-12) from a requirements perspective, and law and policy around security and privacy from a compliance perspective. Specifically, HSPD-12 establishes a mandatory, government-wide standard for secure, reliable forms of identification issued by the Federal Government to its employees and contractors. This Directive and its deadlines, established in policy by NIST, have set in motion a significant increase in demand that has reshaped the ID market around interoperable credentialing.

At the same time, HSPD-12 implementation must comply with the Privacy Act, Federal Information Security Management Act (FISMA), and a variety of related laws and policies designed to mitigate risk and promote user confidence. In addition, the Real ID Act is forcing similar issues to be considered in credentialing state drivers' licenses; and e-passports are creating a focus on the same issues for international documentation.

As a result, the Secure ID market must address efficiency of use and guard against misuse.

SecurityStockWatch.com: What are the "interoperability" issues in the Federal ID space?

Daniel J. Chenok: ID interoperability issues involve translation of credentials across Federal domains. In simple terms, a credential at the Department of Education should provide appropriate access at the Department of Labor. Making this a reality involves complex issues of law, systems design, and culture. HSPD-12 attempts to address these issues through consistent card topology, but enough discretion is left to the agency that cards may have subtle differences that render reuse more difficult. An alternative approach, and one that SRA is developing with the Department of Defense (DoD) and a variety of industry partners, including EDS and Northrop Grumman, involves a federated approach to credentialing, whereby multiple entities agree to a set of rules that enable them to "trust" each other's credentials without requiring issuing new cards or software-based tokens. This approach is the Federation for Identity and Cross-Credentialing Systems (FiXs), a public-private partnership dedicated to building and deploying a secure, interoperable identity and cross-credentialing network.

SecurityStockWatch.com: What about privacy issues?

Daniel J. Chenok: Privacy issues in the Federal market are significant. Recent publicity around data breaches and laptop thefts demonstrate that if the Government gets privacy wrong, whether by perception or reality, the impact can go well beyond a commercial model in terms of public and Congressional scrutiny. SRA uses a specific methodology, known as PILLAR, which incorporates privacy into every aspect of the systems development life cycle, giving our clients the advantage of building privacy into ID and other applications up front, rather than implementing reactive and more costly solutions after incidents occur.

SecurityStockWatch.com: Without divulging any proprietary or confidential information, of course, are there one or two SRA success stories you would to talk about?

Daniel J. Chenok: Our work with the FiXs consortium has created a path for Federal and state agencies, contractors, and even commercial entities, to enable large numbers of credentials to be interoperable and secure, in a way that preserves privacy and security at the appropriate level. The FiXs model is scalable and available; in fact, SRA is the first entity that will receive FiXs credentials, and these will be consistent with both HSPD-12 and DoD policy (FiXs grew out of a DoD program of credentialing interoperability).

SecurityStockWatch.com: You recently presented at the Advanced Identification Systems Conference. May we have an overview of the key issues and trends you addressed?

Daniel J. Chenok: I discussed the Federal direction for identity management, the various approaches that SRA is taking to address the market, and key elements that the industry can provide to help solve problems that agencies face.

SecurityStockWatch.com: Thanks again for joining us. Are there any other subjects you'd like to discuss?

Daniel J. Chenok: I see a bright future for the secure ID market. SRA and other systems integrators are developing secure ID technology to respond to the increasing demand in this market. We look forward to working with our customers and partners going forward to provide value in addressing these issues of national significance.