Defense, GSA agree to disagree

After nine months of deliberation, the Defense Department decided this month not to merge its Interim External Certification Authority program with the General Services Administration's Access Certificates for Electronic Services contract.

DOD will continue to operate IECA and let GSA's Federal Bridge Certification Authority take care of interoperability with the rest of the government.

'DOD took the possibility of this merger very seriously,' said R. Michael Green, director of DOD's Public-Key Infrastructure Program Management Office. 'We tried very hard to make it work out, but we're going away friends and partners with the GSA folks.'

The merger would have let DOD accept ACES certificates from vendors, and it would have funneled more business to IECA's four commercial certificate authorities.

'We've spent a fair amount of time identifying differences in the programs,' said David Temoshok, GSA's PKI policy manager. 'It's not impossible to merge the two.'

Temoshok and Green both said the differences involved levels of assurance and who would accept liability for certificate misuse.

Keren Cummins, vice president of government services for Digital Signature Trust Co., said the merger would have let the Salt Lake City company sell more certificates to earn reasonable revenue. The company, recently acquired by Identrus LLC of New York, is one of four IECA certification authorities.

'We've probably sold 100 certificates over three years,' Cummins said. The company 'sunk in so much money' for initial development because it expected a big payoff, she said. But it never came, and 'we got shellacked,' Cummins said.

Green said the four original IECA contractors -- Digital Signature Trust, General Dynamics Communication Systems of Falls Church, Va., Operational Research Consultants Inc. of Alexandria, Va., and VeriSign Inc. of Mountain View, Calif. -- have sold a total of about 700 certificates to DOD vendors during the past three years.

Digital Signature Trust has earned less than $20,000 from the contract while spending about $200,000 a year, Cummins said. At $250 per certificate, minus discounts, the company had expected revenues of about $5 million over three years.

'The numbers, being as small as they are, have been discouraging to everybody involved, and we're doing everything we can inside DOD to push this along faster,' Green said.

Little interest

By this year, Cummins estimated, more than 526,000 vendors should have been using digital certificates to do business with DOD's Defense Travel System and Electronic Transportation Acquisition System and the Wide Area Workflow and Electronic Document Access programs.

But few vendors want to use certificates, Cummins said. So Digital Signature Trust might walk away from the contract as General Dynamics did about four months ago.

'They said, 'We're not making a whole lot of money off of this,' ' Green said.

Three years ago, DOD began requiring its own employees to use digital certificates barring any serious burden. The department issued its one millionth internal digital certificate this month.

'One of the things DOD needs is a little bigger policy push to use this stuff now,' Green said.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above