United States leading PKI pilot for allies

Recognizing the need to have a single security architecture for electronictransactions, NATO has launched a pilot to test a digital authenticationand authorization infrastructure across its 19 member countries.

The NATO public-key infrastructure pilot, run by the Supreme AlliedCommander, Atlantic (SACLANT) out of Norfolk, Va., officially kicked offthis month.

PKI uses digital certificates, which store user identification and authorizationinformation, to secure electronic transactions and communications.

The six-month NATO pilot builds on the governmentwide PKI establishedby Canada, which runs on solutions from Entrust Technologies Inc.

However, there are many challenges when working with technologies andpolicies from so many different countries, said Lt. Cmdr. Chris Kennedy,communications security officer for SACLANT, at the Entrust SecureSummit2001 conference in San Diego on Monday.

SACLANT will be serving as the certificate authority for the PKI, issuingand managing the digital certificates that store each user's authenticationand authorization information. But each member country has its own architecturein place with which the certificates must interact, and there is not alwaysan easy technical solution, Kennedy said.

There are also different policies, laws and cultures that will haveto be reconciled, and compromise cannot be forced. "There is no standardand no authority to impose one," Kennedy said.

So far only a few countries are online in the pilot, but before theend of February it will include representatives from Belgium, Canada, theCzech Republic, Denmark, Germany, Greece, Luxembourg, the Netherlands, Poland,Portugal, Spain, Turkey, the United Kingdom and the United States.

Featured

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

Stay Connected