One certificate doesn't work for all

While some organizations are moving toward creating a public-key infrastructure, others are still holding back before jumping in.

Ohio chief information officer Greg Jackson said his organization looked into creating a central PKI authority and asked other agencies to make a business case for applications requiring such a system. He said he could only justify one application — local health boards transmitting infectious disease reports to the Centers for Disease Control and Prevention — that would have required a higher level of authentication. All others would have just needed passwords and user IDs to access them.

"That's a technology looking for a solution," he said.

He was also concerned about the liability of a government, which acted as a certificate authority. He likened it to the issue concerning driver's licenses — originally issued only as legal permission to drive — being used as de facto national identification.

Featured

  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

  • Workforce
    online collaboration (elenabsl/Shutterstock.com)

    Federal employee job satisfaction climbed during pandemic

    The survey documents the rapid change to teleworking postures in government under the COVID-19 pandemic.

Stay Connected