[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] Inside the Army, 10 May 1999


------------------------------- CUT -------------------------------

11 May 1999. Thanks to Dan Dupont. 

Inside the Army, 10 May 1999 

Hamre pushes ahead with infosec effort 


By Jeremy Singer 

Copyright Inside the Army

A new public key infrastructure policy signed by Deputy Defense
Secretary John Hamre last week will have a "huge impact" on the way
the Army and other services conduct military and business affairs, a
service official told Inside the Army last week. 

"As far as electronic commerce goes, this is a watershed event," he

In many cases, the new policy will reduce the number of intermediaries
handling documents, and greatly expedite the process of approving
travel orders, for example, he said. 

PKI is one element of the layered strategy information assurance
officials are working on this year. A department-wide PKI will allow
DOD to communicate securely and help eliminate paper from the
military's operations, two major priorities for Hamre. Public key
cryptography involves two related keys, one public and one private,
and an infrastructure of people and systems is required in order to
manage the keys and the services they provide, which include data
integrity, user identification and authentication, encryption and
digital signature. 

"The DOD PKI, in the context of the Defense-in-Depth strategy, will
provide a solid foundation for IA capabilities across the Department,"
Hamre wrote in the memo, obtained by Inside the Army. 

"The goal of this DOD-wide infrastructure is to provide
general-purpose PKI services (e.g. issuance and management of
certificates and revocation lists in support of digital signature and
encryption services) to a broad range of applications, at levels of
assurance consistent with operational imperatives," he continued. 

"Implementation of these policies will ensure that DOD components are
using the infrastructure, and that future uses of public key
cryptography as part of the Department's Defense-in-Depth strategy are
consistent with threat and risk tolerance," Hamre concluded. 


Incorporating the PKI policy in the tactical arena may present
difficulties, the source said. Officials will need to decide "who has
the authority to do what," he said. If an intelligence officer with
access to restricted information is killed or otherwise incapacitated,
the person stepping into his position must have the same attributes on
his electronic identification to be able to access the same
information, he said, and it is difficult to plan ahead for that type
of contingency. 

------------------------------- CUT -------------------------------