The Challenges of Biometrics and the Need for a Universal Standard

By Susan Hoffman
Contributor, InCyberDefense

Interview with Dr. Elliott Lynn
Biometrics Expert and Associate Professor, School of STEM, American Military University

Recently, you were asked by APUS to participate on a panel, “Do Cybersecurity Standards Matter?” at the Policy Studies Organization’s 11th Annual Dupont Summit on Science, Technology and Environmental Policy in Washington, D.C. What were your main takeaways from that conference?

That panel focused primarily on cybersecurity standards and funding sources. It showed me that there is still a lot of work to do, because there is still a significant gap in biometric database standards. Funding sources are still a problem as well.

What are the biggest challenges facing the biometrics field at this time?

Right now, federal biometric databases don’t align with state and local biometric databases because the federal databases don’t have the same quality. There should be one single database for federal, state and local government agencies, so all of that information could be fed into one place.

In addition, we need to establish a universal standard and a single funding source. There should be more cooperation among federal, state and local government agencies to accomplish these goals.

What industries are the most likely to need biometrics expertise in the future?

Biometrics will be needed in any place where there is valuable data to protect. Law enforcement, healthcare and financial industries are a few of them.

Large corporations will also use biometrics for multi-factor authentication. You’ll need to use something you know [such as a password], something you have [a different access code for each login or a smart card with a chip] and something you are [a biometric identifier such as your face].

Facial recognition is becoming more and more popular in consumer-related industries involving the new iPhone and mobile carriers. Similarly, large organizations in industries such as banking, cloud service providers and high-security sectors of government need additional layers of security.

Also, we’re discovering more and more about what makes people unique. Those unique characteristics are useful for creating better cybersecurity.

In light of continual data compromises, multifactor authentication is becoming the new standard in protecting private data, such as personal email and banking information. It will be needed by all employees in different sectors, even when a user simply logs into an office computer that has any private data assets.

How can organizations resolve the problem of hackers gaining irreplaceable biometric information?

There are multiple modalities [methods] available in this field as a way of verifying someone’s identity. Although you don’t want to overdo making requests for verification, it is easier to switch to another method of biometric identification if one modality is compromised.

Also, the big modalities are not as expensive as they used to be. Competition has driven down the cost of production.

What are other potential uses of biometrics?

Biometrics are now in the consumer world as a way to access personal devices and smart homes. Biometrics are cheaper now, so we’re moving to a position where you’ll see them used every day for purposes such as making payments.

But no system is 100% foolproof. Simple factors, such as a handprint made with a dirty hand, can create a false positive or a false negative in authentication. Improvements in biometrics are still needed and this work is continuing to advance.

What advice would you give to someone who wants to enter the biometrics field?

I recommend getting the necessary education but also to take advantage of on-the-job learning and certifications. It’s important to not only understand the methods of biometric authentication, but also their advantages and disadvantages.

Dr. Elliott Lynn is an associate professor in the School of Science, Technology, Engineering and Management (STEM) at American Military University. He holds a Ph.D. in Organizational Management with a specialization in information technology management from Capella University; an M.B.A. with a specialization in technology management from the University of Phoenix; and a B.S. in telecommunications management from DeVry University. Elliott is also the Assistant Director of the Program Management Office of New Jersey’s Office of Information Technology.