Soldier Receives One-Millionth PKI Computer-Security 'OK'
By Gerry J. Gilmore
American Forces Press Service
WASHINGTON, Jul. 26, 2002 -- With a plastic card and a few keystrokes an Army infantryman today showed how DoD is injecting "cutting edge" technology to improve security across its computerized communications systems.
Spc. Trenton R. Dugan, a 3rd U.S. Infantry (The Old Guard) soldier from Fort Myer, Va., participated in a Pentagon demonstration for reporters of DoD's Public Key Infrastructure security system.
Dugan, the one-millionth DoD person to be PKI-certified, began by inserting his Army-issued Common Access Card into a special reading device connected to a laptop computer. Using Common Access Cards registered with the PKI system provides an added measure of computer security, he noted.
The specialist typed in his unique personal identification number and then sent an e-mail. "Using this card verifies that it is actually me sending the e-mail," Dugan said. If the card is removed from the reader, the computer locks up.
Later, he demonstrated how a prototype thumbprint identification system can be used to access a DoD Internet page.
"What we're after now is firm identification of everybody so that we can understand who got on the network, what they did, what information they accessed, and then the ability to change their level of access as we move on electronically," explained John P. Stenbit, assistant secretary of defense for command, control, communications and intelligence and DoD's chief information officer.
Stenbit emphasized the implementation of the PKI system is absolutely crucial, or DoD cannot go to a network-centric world.
DoD PKI advocate James T. Degenford noted that the department's current computer security system offers limited assurance that authorized users are on the system, since passwords and e-mail addresses can be guessed at or otherwise obtained.
A password-and-user-name system is weak overall for a number of reasons, Degenford pointed out. He said the PKI system represents cutting-edge technology and contains safeguards that encrypt information to prevent it from being viewed by unauthorized persons. It also provides a "digital signature" that ensures the authenticity of message authors and prevents message tampering while in transmission.
"PKI sets" issued to individuals, Degenford explained, include e-mail, signature and encryption certifications that are placed on the Common Access Card. Certifications are replaced every three years.
"What's significant about the Common Access Card is the protection that it provides (as) the private key for the (PKI) encryption operations," he added. All DoD internal e- mail will be required to be digitally signed by October 2003, Degenford remarked.
"We can, with a high degree of certainty, know who is accessing our networks, know who is accessing the objects on our networks," he pointed out.
Once developed separately, DoD's PKI and CAC programs were merged in late 1999 to gain security benefits offered by both, officials noted. Currently, more than 800,000 CACs have been issued to military and government civilians, officials added, and more than 30,000 card readers are installed at 500 installations and offices.