DOD speeds PKI development

In a sweeping move to improve computer security, the military will require all personnel to use public-key infrastructure (PKI) technologies by midsummer to log on to the Non-secure IP Router Network (NIPRNET), the military’s unclassified network.

The Joint Task Force for Global Network Operations (JTF-GNO), the organization that oversees the operation and protection of military networks, issued guidance last month to military services and agencies on configuring systems and providing training for the PKI implementation.

The initiative requires the use of Common Access Cards, digital signatures, e-mail encryption, and Web server soft certificates for desktop and notebook computers and servers that connect to NIPRNET, according to the JTF-GNO Communications Tasking Order 06-02, Tasks for Phase 1 of the Accelerated PKI Implementation.

“Ongoing intrusion activity has focused on exfiltration of valid user names and passwords for use in further exploitation and access. This situation represents a direct and growing danger to the protection of the Global Information Grid,” states an unclassified but for-official-use-only document released Jan. 17. GIG is the military’s name for its networks.

Since 2003, countries such as China, crime gangs and hackers have increasingly tried to penetrate Defense Department networks, sometimes successfully. They attempt to steal and sell U.S. military secrets and slow DOD networks.

JTF-GNO’s guidelines include target dates for implementing PKI and instructions on the use of passwords for those computers and servers that do not make the deadline.

They also require significant awareness and system configuration training for all DOD systems administrators. Federal Computer Week chose not to publish detailed information in the document for security reasons.

“Compliance with this [task order] will enhance the security of DOD information systems and establish deadlines for training, verification, installation and progress reporting,” said Tim Madden, a spokesman for JTF-GNO.

In response to the order, the Army started implementing PKI last month and plans to have 10,000 workers at Army headquarters using it by March.

Spyware or keystroke-tracking software can steal user names, passwords and personal identification numbers, but it cannot steal Common Access Cards, which use electronic information and digital PKI certificates to verify users’ identities, said Lt. Gen. Steven Boutelle, the Army’s chief information officer, in a Jan. 25 Army statement.

“One of the greatest vulnerabilities of our networks is posed by weak user names and passwords,” Boutelle said. The Army has borne the brunt of the attacks.

TKC Integration Services (TKCIS) won a contract last summer worth more than $1 million to oversee the installation of PKI throughout the Army.

The Alaska Native Corporation chose Tumbleweed Communications’ Tumbleweed Validation Authority product to verify whether a user’s PKI digital certificate is valid, said Joel Lipkin, senior vice president of TKCIS’ General Services Administration and Systems Integration Division.
