PKI for the NIPRNET?

The chief information officers at the military’s major commands want to require workers to use public-key infrastructure technologies instead of user names and passwords to log on to the Non-Classified Internet Protocol Router Network.

NIPRNET is the Defense Department’s unclassified network, which comes under steady attack from foreign entities, crime gangs and thrill-seeking hackers.

The CIOs at the nine combatant commands and Gil Nolte, director of DOD’s PKI Program Management Office, discussed the idea during a meeting Dec. 13 morning. Nolte mentioned the conversation during a speech yesterday afternoon at the Information Assurance: Defeating Cyber Threats conference, sponsored by the Net-Centric Operations Industry Forum of the Association for Enterprise Integration.

Nolte said the CIOs asked during the meeting how they can get away from using user names and passwords to log on to the NIPRNET. He said that if the CIOs had their way, they would start using PKI technologies next summer.

Nolte said technology is only part of the answer to solving the military’s computer security problems. He said DOD must also stress user awareness and training, including getting employees to turn in their security badges and Common Access Cards when they leave a job or the department.

“Business processes are hurting us as much as the security piece,” Nolte said.