OMB says PKI is the key to success of agency initiatives

OMB says PKI is the key to success of agency initiatives

'Officials have been telling us we have been preparing to use PKI for quite a few years, and there are no excuses not to move forward,' said Judith Spencer, chairwoman of the CIO Council's PKI Steering Committee.

Officials in the Office of Management and Budget are urging IT managers to consider public-key infrastructures to enhance security for new programs.

In the past, OMB stuck to setting policy by tightening or loosening a department's purse strings to meet a goal. Officials rarely have recommended or advised agencies on how to get on OMB's good side.

But Mark Forman, associate director for IT and e-government at OMB, told an audience of more than 500 at a PKI conference in Washington last month that this technology clearly has a role in many IT projects.

'PKI is integral to all of the President's Management Agenda,' Forman said. 'Agencies may not have thought too much about how certain projects involve security, but if they don't, they will not get funded.'

Since 1993, many agencies have tested PKI for either their users or their customers, but few have moved to adopt it. The Defense and Veterans Affairs departments are perhaps the most advanced in its implementation.

Forman said many of the 23 e-gov initiatives supported by OMB include PKI. It will also play a critical role, he said, in sharing information across agencies.

Feds need flexible OS

'Government workers will be knowledge workers and must have information from multiple agencies to do their jobs,' he said. 'We need evolving platforms that will be open-source, such as Linux platforms.'

Judith Spencer, chairwoman of the CIO Council's PKI Steering Committee, said the Bush administration has made a commitment to e-gov plans that use PKI.

'The last administration was very proactive with the steering committee, but this one has really taken it to the next level,' she said. 'Officials have been telling us we have been preparing to use PKI for quite a few years, and there are no excuses not to move forward. They said it is at the core of what the government needs to be doing.'

The steering committee received $3.5 million from Congress this year to continue rolling out PKI. Much of the money went to the Federal Bridge Certification Authority, Spencer said. Other funds were used for committee support, and $1.2 million went to promote interoperability among 10 agencies.

Cross that bridge

The bridge authority cross-certifies agency PKIs and lets agencies share information better. The bridge likely will play a crucial role in accomplishing much of what Forman and OMB want to do. NASA, the National Institutes of Health and the National Finance Center use the bridge, Spencer said.

Forman said traditional barriers to PKI, such as disparate information architectures and a lack of public trust and resources, can be overcome.

Forman said establishing a secure transaction feature on Firstgov.gov and identity authentication through the General Services Administration's E-Authentication project will reduce some of these impediments.

'E-Authentication is one of the most important e-gov initiatives,' Forman said. 'It will organize authentication work for our critical lines of business.'

The conference also included updates from other agencies. Officials from VA, DOD and the Labor Department described their progress with PKI.

VA plans to integrate PKI into its core financial system in March or April. DOD has issued more than 74,000 software certificates and plans to give 3 million service members certificates over the next 18 months.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above