Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Where's my gigabit Internet, anyway?
Americans cool with lab-grown organs, but not designer babies
IE6: Retired but not dead yet
Enterprise who? Google says little about Apps, business cloud services in Q1 report
DDoS Attackers Change Techniques To Wallop Sites
Can we talk? Internet of Things vendors face a communications 'mess'
AMD's profitability streak ends at two quarters
Michaels says breach at its stores affected nearly 3M payment cards
Exclusive: Google's Project Loon tests move to LTE band in Nevada
H-1B loophole may help California utility offshore IT jobs
How a cyber cop patrols the underworld of e-commerce
For Red Hat, it's RHEL and then…?
Will the Internet of Things Become the Internet of Broken Things?
Kill switches coming to iPhone, Android, Windows devices in 2015
Israeli start-up, working with GE, out to detect Stuxnet-like attacks
Galaxy S5 deep-dive review: Long on hype, short on delivery
Google revenue jumps 19 percent but still disappoints
Windows XP's retirement turns into major security project for Chinese firm
Teen arrested in Heartbleed attack against Canadian tax site
Still deploying 11n Wi-Fi?  You might want to think again
Collaboration 2.0: Old meets new
9 Things You Need to Know Before You Store Data in the Cloud
Can Heartbleed be used in DDoS attacks?
Secure browsers offer alternatives to Chrome, IE and Firefox
Linksys WRT1900AC Wi-Fi router: Faster than anything we've tested
Where's my gigabit Internet, anyway?
Americans cool with lab-grown organs, but not designer babies
IE6: Retired but not dead yet
Enterprise who? Google says little about Apps, business cloud services in Q1 report
DDoS Attackers Change Techniques To Wallop Sites
Can we talk? Internet of Things vendors face a communications 'mess'
AMD's profitability streak ends at two quarters
Michaels says breach at its stores affected nearly 3M payment cards
Exclusive: Google's Project Loon tests move to LTE band in Nevada
H-1B loophole may help California utility offshore IT jobs
How a cyber cop patrols the underworld of e-commerce
For Red Hat, it's RHEL and then…?
Will the Internet of Things Become the Internet of Broken Things?
Kill switches coming to iPhone, Android, Windows devices in 2015
Israeli start-up, working with GE, out to detect Stuxnet-like attacks
Galaxy S5 deep-dive review: Long on hype, short on delivery
Google revenue jumps 19 percent but still disappoints
Windows XP's retirement turns into major security project for Chinese firm
Teen arrested in Heartbleed attack against Canadian tax site
Still deploying 11n Wi-Fi?  You might want to think again
Collaboration 2.0: Old meets new
9 Things You Need to Know Before You Store Data in the Cloud
Can Heartbleed be used in DDoS attacks?
Secure browsers offer alternatives to Chrome, IE and Firefox
Linksys WRT1900AC Wi-Fi router: Faster than anything we've tested
More articles »         Send to a friend Feedback

Getting plugged in to E-Government

Ambitious program comprises two-dozen projects, including e-Authentication effort focused on establishing online trust relationships.

Related linksToday's breaking news
Send to a friendFeedback


Apply for Social Security benefits, reserve campground space at a national park or comment on pending legislation all from the comfort of your Internet-connected home computer.

That's the scenario envisioned by the U.S. government under its broadly termed "E-Government" plan to simplify delivery of its services to citizens, businesses and municipalities.

The strategy is one of five that President Bush has adopted as part of his management reform agenda, which is aimed at making government more about citizens than bureaucracies.

"Just like companies were product-centered, governments tend to be agency-centered," says Mark Forman, associate director for IT and E-Government at the U.S. Office of Management and Budget (OMB). "The president wants the government to look across the agencies and focus on the citizens."

Forman is a man who could help make that happen. He oversees federal IT spending which will exceed $48 billion this year and $52 billion in 2003 and he is leading the federal government's digital remodeling.

Last fall, a Forman-led task force of 81 members from 46 agencies identified 24 "high-payoff" projects to focus on during the next 18 to 24 months. These projects will consolidate several hundred overlapping IT projects in the federal government, Forman says. Their expected payoff will be in the form of improved operating efficiencies, more targeted spending and less paperwork, totaling possibly several billion dollars in savings, the task force concluded.


Fusion exclusive: E-Government: Two dozen projects in the works
PKI particulars

For the most part, the projects fall into four categories, organized around interactions with citizens, businesses, states and localities, and internal users. For example, Online Access for Loans will help citizens and businesses find the right loan option for their needs; Federal Asset Sales will consolidate 150 disparate sites dedicated to selling federal assets; and e-Training will provide a centralized repository of government courseware.

Forman says the current administration's e-government efforts are not cosmetic, not simply putting up Web content which he calls "Web enablement." The federal government already has plenty of Web content, with more than 33 million Web pages and 22,000 Web sites, he says. "We do not do Web enablement. Web enablement locks in poor customer service for us," Forman says, referring to Web sites that merely put a new face on old processes.

Rather, the projects are about backstage fixes for example, integrating multiple agencies' systems to streamline the process of applying for an economic development grant, which today could require a community to file more than 1,000 forms with 250 federal bureaus. "Pretty soon you'll see a lot better service, but it's not because there's a prettier Web site. It's because we've fixed the redundancy," Forman says.

In its strategizing, the task force identified potential obstacles that could derail the E-Government effort. Recurring barriers included agency culture, stakeholder resistance, resources and trust.

Overcoming close-minded agency cultures and stakeholder resistance are management issues mitigation requires strong leadership, communication and engaging resistant parties, the task force determined. Forman says collaboration among agencies is sometimes very easy. "The people have wanted to collaborate, they just were looking for leadership. And now the White House, via my office, is providing that," he says.

The resources issue might be mitigated by moving resources to programs with the greatest potential, the task force says.

The trust issue, it turns out, requires an initiative of its own: e-Authentication.

Security plus privacy

E-Authentication is one of 24 official E-Government initiatives, though it differs because it's an infrastructure project that is intended to be used by the other task-oriented initiatives.

A linchpin of E-Government, the authentication project will set a standard for determining identity, says Jeanette Thornton, portfolio manager for e-Authentication at OMB. Among the 22 other projects, there is a need for such features as access control and digital signature support to ensure secure communications and transactions. Rather than address authentication separately for each initiative, the e-Authentication project provides a shared service that lays out a method for proving identity to the federal government, says Thornton, who acts as a liaison between OMB and the e-Authentication project team.

Granularity is a key part of e-Authentication. Different applications require different levels of security, which need to be defined through business policies. Potentially, a user will present a credential a password, certificate, smart card or token to access to the appropriate applications.

"There are lots of transactions buried in 22,000 Web sites, lots of opportunities for authentication," Forman says. "To allow a citizen to do a simple transaction that cuts across agencies, the authentication infrastructure has to be built."

Some of the funding to do that is in the bag. In April, OMB allotted $2 million to get the e-Authentication project started. Today, the project is in the definition-and-requirements stage. Steve Timchak, program manager for the e-Authentication initiative, leads the project team. Timchak is with the General Services Administration (GSA), which is the agency charged with managing e-Authentication.

 PKI particulars

The concept of a single security gateway for authenticating users of E-Government services might seem straightforward, but the reality of assembling such a beast can be pretty complex. Here are a few issues the e-Authentication project teams might face:

  • Component interoperability. A registration authority from one vendor, smart card from another vendor and certificate authority from a third company often just don't play together. "Some of the standards were never completely agreed on by the important vendors, other standards are very complex. There are details that can go wrong," says Daniel Blum, an analyst with The Burton Group and a Network World columnist.
  • Application integration. It's a Catch-22: There hasn't been great incentive to adopt public-key infrastructure because few applications have been integrated with PKI and because PKI adoption is low, few developers have done the work required to build complex PKI support into their applications.
  • Policy interoperability. The whole government hasn't agreed on a common policy classification scheme, so it might be that what the Air Force considers sensitive and what the Internal Revenue Service considers sensitive and what General Services Administration considers sensitive are three different things.
  • Scalability. Entities such as the Federal Bridge Certificate Authority (a trust clearinghouse that handles interoperability among federal agency PKI domains) have been running in pilot mode and, therefore, don't have the infrastructure to handle millions or billions of transactions per day which is what the infrastructure might have to deal with if the government starts enabling widespread PKI. To set up such a huge infrastructure will take lots of time and money, Blum says. "Realistically they'll probably do something like crawl, walk, run. But right now they're barely crawling," he says.
  • Product pool. Choosing vendors with staying power is key. Many of the small companies that provide PKI products have been hammered by the poor economy.

Ann Bednarz

He says the project team has three primary tasks: determine the authentication requirements for each of the E-Government initiatives; build an authentication gateway to map authentication levels to the different applications; and provide common solutions for varying authentication needs.

Basically, it's about providing a level of trust appropriate to the application, Timchak says. Some transactions require strong authentication, others won't. Making a payment to the Internal Revenue Service might require a public-key infrastructure (PKI)-type credential, whereas for browsing business loan options, an ISP-provided personal identification number and password might be sufficient.

The key is not to grossly over- or under-secure any transaction. "We certainly don't think that we're going to issue digital credentials to 285 million Americans by any means," Timchak says.

To determine the level of security required, the GSA-led project team is using a modified version of the Operationally Critical Threat, Asset and Vulnerability Evaluation tool developed by the CERT Coordination Center at Carnegie Mellon University.

On the security technology front, the government is getting a hand from Mitretek Systems, a nonprofit organization that held a "technical exchange day" in June to brief security vendors on the government's authentication plans at least at a conceptual level. The next step is to issue a request for information to vendors, followed by a request for proposal.

Based on its interaction with industry vendors, Mitretek then will develop, build and deploy a prototype gateway, which team members expect to be operational and processing live transactions from at least one other E-Government project in September. Full deployment of the gateway will follow a year later, according to estimates.

"We have a pretty rigorous schedule we have to adhere to," Timchak says.

Fortunately, GSA and company aren't starting from scratch. The e-Authentication initiative builds on existing government efforts to secure Internet transactions. The GSA, through its Access Certificates for Electronic Services program and the National Finance Center, has established models for acquiring technology to authenticate users, Timchak says.

"What we would like agencies to consider is taking a look at those contract vehicles for PKI that are already in place within the government," Timchak says. "Any business case certainly ought to consider what's already in place and use it if it makes sense to."

Contact Senior Writer Ann Bednarz

Other recent articles by Bednarz

Related Links

E-Government Strategy
From the White House Web site.

President Bush's management agenda (PDF)
From the White House Web site.

e-Authentication home page
Chief Information Officers Council Web site.

Federal PKI Policy Authority
Chief Information Officers Council Web site.

Senate passes e-government bill
The U.S. Senate unanimously passed a bill that proposes funding initiatives to make federal government information and services more readily available online. IDG News Service, 06/28/02.

E-gov official touts Internet's transformative power
As it seeks a major increase in its IT budget to $52 billion next year, the Bush Administration is looking for ways to use the Internet to radically change how the federal government does business, rather than merely Web-enabling existing applications and processes. Network World Fusion, 04/11/02.

Contact Senior Writer Ann Bednarz

Other recent articles by Bednarz

Apply for your free subscription to Network World. Click here. Or get Network World delivered in PDF each week.

Get Copyright Clearance
Request a reprint or permission to use this article.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.