Cyberdefense students rely on PKI

Students and alumni of the Defense Department's school to train investigators in computer crime techniques are using public-key infrastructure technology to communicate via a protected Web site.

The Defense Computer Investigations Training Program in Linthicum, Md., started handing out digital certificates to its students three weeks ago, said Greg Redfern, the program's director.

More than 1,300 DOD, federal, state and local law enforcement officials took DCITP's course during the past 18 months. The program's basic course enables students to conduct forensic investigations on computers by dissecting them for data and clues.

Students download a one-time activation file onto a floppy disk that they can use to obtain their digital certificates online. A certificate is also stored on the disk and contains a public and private key pair for each user.

Once on the site, users can chat with fellow students and graduates of the program, learn about course updates and engage in threaded discussions. All data on the site is sensitive but at the unclassified level, Redfern said.

Users can connect to the Web site from any Internet address. Access is a key issue because some state and local law enforcement officials participate in DCITP, and some users will connect from home.

"We're ahead of DOD" in using PKI technology, Redfern said. "They sent training and reviewed our network topology."

The site was tested for security vulnerabilities by having a "black hat" team of hackers from Computer Sciences Corp. battle DCITP's "white hat" protectors.

Featured

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • Budget
    Stock photo ID: 134176955 By Richard Cavalleri

    House passes stopgap spending bill

    The current appropriations bills are set to expire on Oct. 1; the bill now goes to the Senate where it is expected to pass.

Stay Connected