Infrastructure plan: Governmentwide PKI key to cyberdefense

Protecting critical information infrastructures within the federal government requires the development of a governmentwide public-key infrastructure to ensure data integrity and user identification and authentication for traffic, such as e-mail, carried over public networks.

While individual agencies have ongoing PKI initiatives — with DOD the leader in rolling out services — President Clinton's National Plan for Information Systems Protection, released yesterday, calls for interconnection of these PKIs. "Full protection [of federal information systems] requires an integrated, fully functional PKI," the plan states.

Since PKIs also will serve as the basis for electronic commerce transactions, the plan also calls for interconnection of federal systems with private-sector systems because "isolated PKIs do not [protect infrastructures that cross government or industry sector boundaries," according to the plan.

The plan states that the Federal PKI Steering Committee, housed at the Treasury Department, has started developing a Federal Bridge Certification Authority, which will facilitate the interconnection of separate federal agency PKIs into an overall federal PKI. The Federal Bridge CA will set up the mechanism with private-sector PKIs, enabling federal users to conduct secure transactions with private firms.