Marines move toward PKI

Marine Corps Pacific found downloading personal certificates from a mainland certificate authority frustrating

The Marine Corps' Marine Forces Pacific is scheduled to transition to a new public-key infrastructure early next year, but it found that the process has been more difficult than anticipated.

Downloading the personal certificates from a certificate authority on the mainland has proven to be a time-consuming and frustrating process, which has led the command to request that a certificate authority be placed in the Pacific region.

Col. Mark Clapp of Marine Forces Pacific said all of the command's private Web servers have been issued PKI server certificates, and more than 600 end-user certificates have been generated from the certificate authority in Chambersburg, Pa.

But only 429 of those personal certificates, which represent about half of the Marine Forces Pacific staff, have been successfully downloaded, and integration with the Defense Department's Common Access Cards (CAC) looms next year, Clapp said.

DOD employees with the cards should be able to use them to access any military system they are cleared for, no matter where a system is located. The ultimate goal is to have one card that will work across all of government — civilian and military — and provide secure logical and physical access wherever the holder goes, but currently the card can't hold multiple PKI certificates, he said.

Speaking as part of a Nov. 21 panel at AFCEA International's TechNet Asia-Pacific 2002 Conference and Exposition in Honolulu, Clapp said the certificate authority process is lengthy and must be restarted from the beginning if a connection is lost, regardless of how far along the process was. Other challenges include getting Marine Forces Pacific to accept the new PKI culture and outfitting all new computers with CAC readers, he said.

To help ensure that Marine Forces Pacific is ready to transition to the new PKI "early in the second quarter of 2003," Clapp said Marine Forces Pacific has requested that a regional certificate authority be placed in the Pacific region.

Army Col. Randy Strong of Pacific Command agreed, saying that Pacom headquarters has been pushing "very hard" for the Defense Information Systems Agency, which manages the Chambersburg certificate authority and another in Denver, to set up a regional facility to serve the Pacific.