FITUG e.V.
Förderverein Informationstechnik und Gesellschaft
FITUG e.V.Förderverein Informationstechnik und Gesellschaft |
|
11 May 1999. Thanks to Dan Dupont.
Inside the Army, 10 May 1999
Hamre pushes ahead with infosec effort
NEW PKI POLICY WILL HAVE DRAMATIC IMPACT ON MILITARY, BUSINESS AFFAIRS
By Jeremy Singer
Copyright Inside the Army
A new public key infrastructure policy signed by Deputy Defense Secretary John Hamre last week will have a "huge impact" on the way the Army and other services conduct military and business affairs, a service official told Inside the Army last week.
"As far as electronic commerce goes, this is a watershed event," he said.
In many cases, the new policy will reduce the number of intermediaries handling documents, and greatly expedite the process of approving travel orders, for example, he said.
PKI is one element of the layered strategy information assurance officials are working on this year. A department-wide PKI will allow DOD to communicate securely and help eliminate paper from the military's operations, two major priorities for Hamre. Public key cryptography involves two related keys, one public and one private, and an infrastructure of people and systems is required in order to manage the keys and the services they provide, which include data integrity, user identification and authentication, encryption and digital signature.
"The DOD PKI, in the context of the Defense-in-Depth strategy, will provide a solid foundation for IA capabilities across the Department," Hamre wrote in the memo, obtained by Inside the Army.
"The goal of this DOD-wide infrastructure is to provide general-purpose PKI services (e.g. issuance and management of certificates and revocation lists in support of digital signature and encryption services) to a broad range of applications, at levels of assurance consistent with operational imperatives," he continued.
"Implementation of these policies will ensure that DOD components are using the infrastructure, and that future uses of public key cryptography as part of the Department's Defense-in-Depth strategy are consistent with threat and risk tolerance," Hamre concluded.
[...]
Incorporating the PKI policy in the tactical arena may present difficulties, the source said. Officials will need to decide "who has the authority to do what," he said. If an intelligence officer with access to restricted information is killed or otherwise incapacitated, the person stepping into his position must have the same attributes on his electronic identification to be able to access the same information, he said, and it is difficult to plan ahead for that type of contingency.