DISA, HHS Brainstorming Behavioral-Based Identity Pilot

DISA, HHS Brainstorming Behavioral-Based Identity Pilot

Health and Human Services Department is collaborating with the Defense Information Systems Agency to develop and test using behavioral-based identity at the edge of a network to transform the way people—and particularly, first responders and health officials—log in and secure their work. 

HHS’ Chief Information Officer Jose Arrieta briefly detailed the project at Nextgov’s Emerging Technology Summit in Washington Wednesday. After the initial success of HHS Accelerate, the government’s first-ever blockchain-powered authority to operate, he said DISA insiders reached out because they were interested in the work his team was doing and wanted to possibly collaborate on an applicable idea. 

Arrieta was upfront about the complexity and revolutionary potential of the project. 

“I have to be honest with you, when we first met it really took me about 15 minutes to actually understand what we were talking about,” Arrieta said. 

Here’s the idea in layman’s terms: Instead of using passwords, usernames and other forms of complex but insecure options to authenticate identity, there is a way to create line identity on the edge of a network through a connected device and using 240 different behavioral characteristics.

“So it’s 240 behavioral-based characteristics that actually, instead of user ID and password, provide access to your network,” Arrieta said. “I am taking a record and recording behavior as I use the phone.”

The characteristics include everything from biometrics like people’s irises, fingerprints and facial scans commonly used to unlock devices, all the wireless devices they’re commonly connected to, the humidity and temperature reads from outdoors, the apps they use and when and how they access them, who they communicate with, their heart rates, and many other characteristics that define th ..