The nation's top-secret spy agency, the National Security Agency
(NSA), is bringing battlefield encryption to today's woefully insecure
electronic data interchange.
Last week, the NSA launched an EDI pilot project to purchase goods
electronically from approximately seven vendors, such as IBM and Xerox
Corp., using the NSA's Fortezza PC Card.
The Fortezza card, which holds the user's X.509 public-key
certificate, will be used by the NSA to digitally sign and encrypt
transactions such as requests for quotes, responses, purchase orders,
acknowledgments and invoices.
Fortezza is already being used in the Defense Message System to
encrypt E-mail.
The U.S. Army, Navy and Air Force - which already purchase goods using
unencrypted EDI - may also end up using Fortezza for EDI because the NSA,
headquartered at Fort Meade, Md., typically guides security communications
policy for the entire military.
As a consequence, the vendors that do billions of dollars of business
a year with the Department of Defense would have to use Fortezza-based EDI
as well.
'This is our first initiative under the Defense Department mandate
that all agencies do EDI by 1999,' said Darlene Pencek, NSA's EDI program
manager.
What to do
Next week, the federal agencies, and the network and software
companies most closely involved in the government's electronic commerce
efforts, will convene at the Logistics Management Institute in Tyson's
Corner, Va., to debate which security scheme the government's IP-based
electronic commerce model should follow.
'I feel certain NSA will put Fortezza on the table,' said Lebbeus
Curtis, chief of the customer support engineering division at the Defense
Information Systems Agency, who will chair the meeting.
Curtis said he expects to hear the industry push for alternative
encryption approaches, such as RSA Data Security, Inc.'s public-key
infrastructure or even Pretty Good Privacy.