Bridge partners span many levels of government

Designed to connect more than just public-key infrastructure islands within the federal government, the federal bridge is attracting a diverse crowd of potential users.

Hailing from the education sector and state and foreign governments, bridge candidates are drawn to the broad PKI exchange possibilities that can follow a single cross-certification exercise.

"No state wants to cross-certify with 49 other states," said Georgia Marsh, associate director of the Illinois Department of Revenue. "If we believe in and have trust in the federal government, they can provide that interoperability for us."

According to Marsh, Illinois is the only state with an enterprisewide PKI and is farthest along in terms of interoperability with the Federal Bridge Certification Authority (FBCA).

Illinois will soon be in a position to send in its PKI credentials and embark on the rigorous cross-certification exercise.

Illinois' infrastructure was born out of a 1999 law that centrally funded the PKI system's development during a time when state coffers were at an all-time high.

During this development and amid crucial policy decisions, the state has been mindful of federal PKI activity, Marsh continued. "We've tried to parallel the requirements of the federal government and Canada."

Already equipped with a central bridge of its own, the Canadian government also is working with FBCA officials on cross-certification.

Right now, Canada and the United States have settled on a date to exchange the necessary paperwork to start the projects. Then, each government will undergo a compliance audit, said Judith Spencer, chairwoman of the Federal PKI Steering Committee.

"Especially since Sept. 11, interoperability would have a lot of advantages," said Spencer, offering border initiatives and defense contracting interaction as areas ripe for exchange.

Meanwhile, tangible proof that FBCA will reach outside the federal government was shown early this year with a demonstration project hatched within the higher education community.

Educause, an association representing information technology in higher education, joined forces with the National Institutes of Health and the Federal PKI Steering Committee to show that electronically signed grant forms could travel from three universities to NIH.

To complete the transaction, NIH linked its infrastructure to FBCA and participating schools used the Higher Education Bridge Authority. Once the two bridges were cross-certified, NIH received grant forms submitted by universities in Alabama, Wisconsin and New Hampshire.

"It was a lot easier to do than people thought," said Peter Alterman, director of operations for the Office of Extramural Research at NIH.

Jones is a freelance writer based in Vienna, Va.


  • FCW Perspectives
    zero trust network

    Can government get to zero trust?

    Today's hybrid infrastructures and highly mobile workforces need the protection zero trust security can provide. Too bad there are obstacles at almost every turn.

  • Cybersecurity
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    NDAA process is now loaded with Solarium cyber amendments

    Much of the Cyberspace Solarium Commission's agenda is being pushed into this year's defense authorization process, including its crown jewel idea of a national cyber director.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.