State Official Looks to DOD for PKI Leadership

A North Carolina state official earlier this week called for the U.S. Defense Department to assist states with developing a secure publickey infrastructure to support state and local electronic commerce efforts.

A North Carolina state official earlier this week called for the U.S. Defense Department to assist states with developing a secure public-key infrastructure to support state and local electronic commerce efforts.

Jane Smith Patterson, senior adviser to the governor of North Carolina for science and technology, said that without help from DOD and other government entities in getting state government PKI programs off the ground, "it will be 15 years" before state e-commerce programs become a reality, leaving the U.S. economy far behind the rest of the world in conducting business electronically.

"DOD needs to move out and call together" all the states "to begin looking at how we actually put in place the infrastructure to do electronic commerce," said Patterson, speaking at the second annual DOD Electronic Commerce Day, held last week in Washington, D.C. According to Patterson, only five states have PKI initiatives that have matured to the point where those states can begin to consider purchasing products.

Marv Langston, DOD's deputy chief information officer, said he would coordinate with Patterson in the next few weeks on how DOD can be of assistance.

A PKI is a framework for the use of digital signatures for secure communications and e-commerce, which government agencies and private enterprises need to conduct more of their business electronically.

Part of the reason that DOD is in a leadership position when it comes to PKI is the recent approval of a final Defense PKI policy and road map, said Nick Piazzola, vice president of VeriSign Inc.'s federal markets division.

DOD's PKI policy went into place with a May 6 memo signed by deputy secretary of Defense John Hamre.

"The department now has a plan and a strategy of where it wants to go," Piazzola said. "More importantly, the [policy] puts real meat behind" DOD's PKI plan, he said. The memo, according to Piazzola, establishes PKI as the de facto standard throughout DOD for securing digital communications, and the memo stipulates that DOD will use commercial technology for its PKI initiatives.

Richard Guida, chairman of the Federal PKI Steering Committee, said he agreed with Patterson's sense of urgency. "In the PKI realm, everything is urgent," Guida said. In fact, he said he plans to go to North Carolina to begin discussions with Patterson and her staff in the next few months, and he also plans to visit Washington and Texas to talk about their PKI initiatives.

DOD and the federal government are well-suited to help state and local governments with their PKI programs, Guida said. "DOD is an engine of change," he said, primarily because of its market power. However, other agencies also are out front on PKI, with more agencies growing their PKI pilot programs into larger production networks, Guida said.

-- Daniel Verton (dan_verton@fcw.com)