Feds test PKI promise for privacy

Related Links

"How PKI Works"

For electronic government to work, federal IT managers know they must assure

the public that business conducted over the Internet can be kept private.

More than a dozen agencies are working to solve that privacy problem,

said John Dyer, senior adviser to the Social Security Administration commissioner.

The most promising answer so far, he said, is PKI — public-key infrastructure.

PKI enables individuals to encode messages and transmit them so that

only the proper recipient can receive and decode them.

"Several dozen" PKI pilot projects and experiments are under way in

agencies ranging from the Social Security Administration and the Defense

Department to the Federal Aviation Administration, Dyer told members of

the Armed Forces Communications and Electronics Association Nov. 20.

About a half-dozen agencies already routinely use PKI to transmit data

securely, he said. The Federal Deposit Insurance Corp., for example, encrypts

data it transmits to its employees, and the Patent and Trademark Office

encrypts correspondence with attorneys.

PKI also is being adopted outside government by banks, hospitals and

insurance companies, he said.

While initial successes are encouraging, the plethora of different PKI

systems being developed is likely to create a whole new set of compatibility

problems.

"The technology itself is straightforward," Dyer said, but getting different

systems to work together is not.

The key concern confronting agency information technology managers is

how to adopt PKI so that individuals do not need a separate key for each

agency or department within agencies that they deal with.

To solve that problem, several agencies are attempting to develop "an

operational bridge" that will make different PKI systems work together,

he said. Such a bridge could be ready later this year or early next year,

Dyer said.

Featured

  • FCW Perspectives
    zero trust network

    Can government get to zero trust?

    Today's hybrid infrastructures and highly mobile workforces need the protection zero trust security can provide. Too bad there are obstacles at almost every turn.

  • Cybersecurity
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    NDAA process is now loaded with Solarium cyber amendments

    Much of the Cyberspace Solarium Commission's agenda is being pushed into this year's defense authorization process, including its crown jewel idea of a national cyber director.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.