PKI interoperability 'paramount'
- By Christopher Dorobek (Moderator), Dan Caterinicchia
- May 07, 2002
Federated Electronic Government Coalition
The government risks undermining the potential benefits of a public-key infrastructure unless it develops common policies and processes to ensure interoperability, a new report from a coalition of vendors says.
"Interoperability is paramount. If this is not achieved, the U.S. government and American industry is dealing with a potentially disruptive technology that will affect the policy, legal, technical and process implementation aspects of their business," according to the report, issued May 3 by the Federated E-Government Coalition.
PKI technology allows users to conduct secure transactions through a Web browser. Transactions are encrypted, and the decryption key is provided when a user's identity has been authenticated with a digital certificate.
If there is no unified way for digital certificates to work across government, industry will have to create and support multiple environments. "The subsequent overhead costs would be significant for all parties," the report says.
The report is the third in a series of assessments of the government's PKI initiatives. The first report, in December 2000, was an assessment of the Defense Department's PKI policy.
The report issued May 3 is based primarily on work with DOD. But Michael Mestrovich, FEGC chairman and the president and chief executive officer of consulting firm Unlimited New Dimensions LLC, said the report has implications across government.
The report is critical of DOD's PKI efforts. Mestrovich, however, noted that DOD has been on the cutting edge of government PKI initiatives.
"DOD has progressed more quickly and aggressively than any other federal agency.... The DOD overall vision is commendable," the report says. "It is, however, in the execution of that vision — at the application level" that issues arise.
The government should establish pilots using "domains of common interest" that can focus on interoperability across their groups. A procurement/supply chain group, for example, could then drive interoperability.
The issues are not technological, said Katherine Hollis, director of global information assurance services at EDS. Instead, they are questions about how PKI works with business processes. Therefore, the leaders of the business process must drive PKI's development.
PKI development has been hampered by the "chicken-and-the-egg dilemma": Most applications have not been designed with PKI functionality because their digital certificates were not widely deployed. And most organizations were not deploying digital certificates because there were few PKI-enabled applications.
The group suggests that may be changing. DOD, for example, is putting digital certificates on each of its new Common Access Cards. However, those certificates are designed for internal DOD use.
Christopher J. Dorobek is the co-anchor of Federal News Radio’s afternoon drive program, The Daily Debrief with Chris Dorobek and Amy Morris, and the founder, publisher and editor of the DorobekInsider.com, a leading blog for the Federal IT community.
Dorobek joined Federal News Radio in 2008 with 16 years of experience covering government issues with an emphasis on government information technology. Prior to joining Federal News Radio, Dorobek was editor-in-chief of Federal Computer Week, the leading news magazine for government IT decision-makers and the flagship of the 1105 Government Information Group portfolio of publications. As editor-in-chief, Dorobek served as a member of the senior leadership team at 1105 Government Information Group, providing daily editorial direction and management for FCW magazine, FCW.com, Government Health IT and its other editorial products.
Dorobek joined FCW in 2001 as a senior reporter and assumed increasing responsibilities, becoming managing editor and executive editor before being named editor-in-chief in 2006. Prior to joining FCW, Dorobek was a technology reporter at PlanetGov.com, one of the first online community centers for current and former government employees. He also spent five years at Government Computer News, another leading industry publication, covering a variety of federal IT-related issues.
Dorobek is a frequent speaker on issues involving the government IT industry, and has appeared as a frequent contributor to NewsChannel 8’s Federal News Today program. He began his career as a reporter at the Foster’s Daily Democrat, a daily newspaper in Dover, N.H. He is a graduate of the University of Southern California. He lives in Washington, DC.