The Defense Department has taken a major step toward establishing a secure environment for doing business electronically throughout the military services and defense agencies.
Under a new contract with Netscape, the department will acquire a "public key infrastructure," a scheme for verifying identities of network users and authorizing them to undertake various activities online.
Under the contract, signed earlier this month, DoD personnel will be able to download specialized Netscape software for using the Internet in the office, at home and on laptops. The agreement also allows DoD contractors to use the Netscape software. The software is not mandatory, but the agreement allows up to 2 million users to download it.
The Netscape software's public key infrastructure (PKI) is a security system that will allow the Defense Department to verify people's identities during online transactions. The Pentagon wants DoD to create a paperless contracting system and conduct more of its other business electronically. Pentagon officials want to use public key infrastructure security measures for online transactions by the end of 2001; the Netscape deal will help make that happen.
"PKI is a foundation for starting up other applications," said John Menkart, director of government sales for Netscape. Using PKI, the Defense Department will issue "certificates," which are basically electronic identity cards, to all of its users. When a user tries to access a secure program online-a contracting system or a document database, for example-the Netscape software will pass the user's certificate to the secure program, which will then decide how much access to grant the user.
"PKI by itself does nothing," Menkart said. "What you want it for is so that applications can move to a model where, in order to gain access to all an organization's applications, people must use certificate-based access. It's more secure than issuing user names and passwords. People have a problem keeping track of five or six passwords and user names. It's not very secure. They have to write them all down."
PKI can also be used for digital signatures on electronic mail.
"Even if I send you an e-mail and it looks like it comes from my e-mail address, someone could intercept it in the middle and send it on. You wouldn't necessarily know. But as long as my digital signature appears correct, that ensures what you receive from my computer and what I sent from my computer are the same," Menkart said.
All employees of the Defense Information Systems Agency have been issued a PKI certificate, a DISA spokeswoman said. To obtain a PKI certificate, other DoD users will receive a user name and one-time password from their command or agency. They will use the user name and password to get their PKI certificate from a certification authority operated by the Defense Information Systems Agency.
Richard Guida, chair of the federal PKI steering committee, said the Netscape deal is a major step for the Defense Department.
"PKI is like a highway," Guida said. "It allows you to get from point A to point B. But like any highway, it doesn't give you the vehicle to travel the highway. The vehicles are the application programs. Whether they're personnel applications or travel voucher applications or some other application, these vehicles have to be able to access the public key infrastructure to use the certificates people have been provided to authenticate themselves. DoD is building the highway with Netscape."
The PKI deal with Netscape, which was a follow-up option on an original license agreement, was worth $13.1 million. The total software contract is worth $33.8 million. The deal included Netscape's Navigator browser, Collabra communications software, Certificate Management Server, Directory Server, Enterprise Server and Messaging Server for 2 million Defense Department users.
NEXT STORY: House refuses to restore F-22 funding