Air Force poised to roll out global PKI

The Air Force is preparing to roll out a global public-key infrastructure security initiative that will tap into the bevy of contractor support available on the service's $750 million Information Technology Services Program (ITSP).

Announced last month, the Air Force-wide PKI effort will be managed by a new program office within the Electronic Systems Center's Cryptologic Systems Group at Kelly Air Force Base, Texas.

The Air Force plans to award a six-year, $140 million contract to a contractor team holding one of the blanket purchase agreements under ITSP, which includes more than 200 companies offering engineering, integration, configuration management and other IT services.

ESC's PKI plans are part of the Defense Department effort to develop a PKI to enhance the overall security of DOD's information networks and to support the paperless contracting initiative backed by deputy secretary of Defense John Hamre. PKI solutions use digital signatures, digital certificates to authenticate a user's identity and encryption technologies to ensure that data is not tampered with during transmission across the Internet.

"We're estimating issuing digital certificates to approximately 700,000 people face to face," said Lt. Julio Guerrero, the lead PKI technical support officer at ESC's Cryptologic Systems Group. "This level of effort affects virtually every Air Force member, government employee and contractor on each Air Force installation."

According to Guerrero, the services required by the PKI program include application support, engineering services, integration services for future DOD PKI architectures, application testing, legacy application integration services and training. ESC chose ITSP because of the global requirements of the work and the ability of ITSP to support centralized contract requirements and decentralized execution on the part of the vendor team, Guerrero said.

ESC is looking for a single prime contractor from ITSP to head the effort, which Guerrero described as a "critical part" of the way the Air Force and DOD will be protecting their mission-critical information in the future. "Simply put, the Air Force does not have the internal organic resources to the job," Guerrero said. "Therefore, we partner with industry."

Jim Galie, director of PKI services for Electronic Data Systems Corp.'s Government Division, said the Air Force's requirements, particularly its application-centric approach to PKI, indicates that it understands the big picture when it comes to PKI. The Air Force proposal is "a very forward-looking and sophisticated view of what it takes to do large-scale PKI efforts," Galie said. "It demonstrates that they understand the complexities involved."

In fact, Galie said the Air Force's PKI plan seems to go "well beyond previous views of PKI" by stressing the importance of application support and not overstating the importance of certificate authorities. "Certificate authorities are just a slice of the overall PKI application solution," Galie said.

ESC plans to hold a bidders conference Aug. 20 at Kelly Air Force Base, where officials will address industry questions on the draft statement of work.