E-Government and Security Issues

April 13, 2006

	Visited: 298
	Not rated
	Rate:

As previously discussed, all branches of federal government are required by law to migrate their business practices to a paperless operation. In implementing the new e-procurement way of contracting, it is clear that there is a need to ensure the confidentiality, security, and authentication of information exchanged between government and its contractors in the electronic environment.

The DoD, the buying giant of the federal government, has addressed the need for security in the e-government environment by adopting a mandatory system, referred to as "public key infrastructure" (PKI). PKI allows DoD to electronically communicate with industry by enabling paperless, secure, private electronic business contracting. In addition to adoption by DoD, PKI use is expanding at all levels, including federal, state, and local levels of government as well as in the private sector.

What is PKI? It works much like a realtor's lockbox. Under this arrangement, the seller has agreed to "trust" the realtor to gain access, via a key or combination to a lockbox, and show the home to prospective buyers when the seller is away.

PKI uses a process similar to the realtor's lockbox, although in this case the lockbox is digital and is stored on computers. For government contracting purposes, a unique PKI digital identity certificate file is issued to a contractor's authorized officer or agent. In essence, this PKI digital certificate file verifies that the contractor is in fact authorized to conduct business electronically with the government contracting office. In this way, PKI helps the contracting parties to establish a "trust relationship" while doing business via computers in a virtual world, and digitally protects the information assets of both parties in much the same way a lockbox protects the seller from allowing just anyone to enter the home while still providing access to the "trusted" parties and potential buyers.

In addition to ensuring the security of the electronic information at all times during transit through shared networks and storage on network servers and desktop hard drives, it ensures that the document being signed and sent online is from the company or person authorized to provide the information within the electronic document, that the document is legally signed in accordance with current federal and state laws, that the document has not been altered since being completed and electronically signed, and that the electronic document is time-stamped and requires an electronic return receipt.

What PKI Means to You

At this point, you may be wondering how all of this could affect you. Here are answers to the questions businesses most often ask about PKI.

Why not just use a PIN number? While a number of government agencies have successfully used PINs to provide security in innovative applications, particularly the Securities and Exchange Commission for regulatory filings and the Internal Revenue Service for tax filings, they are planning for an eventual transfer to digital signatures. PKI technology fosters interoperability across numerous applications--PIN numbers can't do that.

Are you required to get PKI-certified in order to do business with the government? No, not at this point. But the plan under federal e-government initiatives is to ultimately provide all U.S. citizens with a single entry point to all government online services and information through www.FirstGov.gov, a web portal from which anyone can access virtually all federal government information. The ability for a citizen to access information will be based on the nature and sensitivity of the information being accessed. Government contracting with federal agencies falls into the area that will require a PKI digital certificate authenticating the identity of the online user and insuring they have the authority to access and provide secure online data and documentation when required.

Does it cost anything to get PKI certification? There is no charge. It's just a matter of downloading and filling out a form from one of various sites. How do you get a digital ID or learn more? Microsoft Corp. in conjunction with Verisign.com has enabled their email applications, Outlook Express and Outlook 2000, to install PKI certificates. Microsoft and Verisign have also enabled Office XP and a number of versions of Internet Explorer browsers to include PKI digital certificates.

You can get a detailed explanation of how Verisign's PKI digital certificates work and instructions for obtaining a PKI certificate for your Outlook email at this site. You can also download a Microsoft Word Document explaining the security features of Outlook 2000 entitled "Out2000SR-1.doc" at this site. The following web sites can give you more detailed information on the various PKI programs for GSA, DoD, and the State of Illinois:

Security is, and will continue to be, an issue in many aspects of our lives, including e-business. Although digital authorization is not currently a requirement, it certainly may be one day. It's a good idea to keep yourself informed about changes and developments. In the next several years, you will start to see more adoption of digital identities through the government implementation of Homeland Security policies.