DOD to launch secure Net transactions

In a major milestone of its paperless contracting initiative, the Defense Department in June will create one of the first large-scale programs that uses public-key security technology to allow vendors to view contract data and to submit bids over the Internet.

Public-key infrastructure, which is being used in pilots across the government, combines encryption, digital certificates and other technologies to authenticate a user's identity and to ensure data is not tampered with during transmission over the Internet.

DOD's Electronic Document Access (EDA) system will use PKI to allow external vendors to access information and to submit bids without fear of having sensitive information compromised. Federal agencies and industry observers generally believe such a capability is a prerequisite to widespread adoption of electronic commerce.

The General Services Administration last year successfully conducted the entire bid review and award process for the FTS 2001 contract digitally, said Rich Guida, chairman of the Federal PKI Steering Committee. But Guida said he does not know of any PKI-based program that works on the same scale as EDA.

PKIs become increasingly important as agencies offer more sensitive services and applications, said Tony Trenkle, director of the electronic services staff at the Social Security Administration and former head of GSA's electronic commerce office.

That is why Access America for Students - a National Partnership for Reinventing Government online program that students can use to apply for student loans, passports and other government services - and any application that deals with public access to private data on the Internet need PKIs, he said. "It gives the citizens a secure environment and gives the government a means of properly identifying people," he said.

DOD has more than 11,000 registered users for the EDA system, which has an index of more than 320,000 contracts. EDA offers online storage and retrieval of post-award contracts, contract modifications, bills of lading for both government and personal property, and vouchers in a compressed-text format.

DOD launched the initial pilot project for EDA in June 1997 and has tested and approved it for agencywide use.

However, DOD first plans to offer EDA electronic contracting on a voluntary basis, said Claudia "Scottie" Knott, director of the Joint Electronic Commerce Program Office, which oversees the EDA system. The initiative is a first step toward providing vendors with the required "comfort level to submit paperless proposals," she said.

Much of that comfort level has to do with security capabilities - for example, ensuring that a vendor is able to view only its contracts and not another vendor's. According to Knott, DOD is putting in place the necessary digital certificate authority, which verifies the identities of the parties involved and mediates the transaction.

DOD plans to have the first certificate vendor qualified to support the program by early June, according to Richard Hale, chief engineer for information assurance at the Defense Information Systems Agency. In addition, the department should have a final process in place by the end of the fiscal year after analyzing any lessons learned during the June launch, Hale said.

Chip Mather, senior vice president at Chantilly, Va.-based Acquisition Solutions Inc., said the act of "taking paper and making it 'electronic' is a small but important step" for DOD's overall EC effort. Although paperless processes save money, "the real benefit will be achieved when we manage the information and not the electronic 'paper,' " Mather said.

Lynn McNulty, director of government affairs at RSA Data Security Inc., said a full-blown PKI will be necessary as agencies conduct electronic business with a large number of trading partners involving many electronic transactions.

"You can conduct electronic commerce without a [PKI], but you are increasing the risk," he said. "This will be an evolutionary process. It will take a lot of information sharing on the part of the people involved."