PKI policy protects Air Force networks

By Josh Aycock, Air Combat Command Public Affairs

The Air Force's policy on encrypting and digitally signing e-mails is now in effect to ensure security and reliability of information as the battle for cyberspace dominance continues. 

Officially called the Air Force Public Key Infrastructure Policy on Encrypting and Digitally Signing E-mails, it is designed to combat adversaries' growing attempts at network infiltration and sending barrages of malicious e-mails. 

PKI is not simply a program. It is a combination of hardware, software, policies and procedures that allows users to securely send and receive e-mails. Every user has a personal identity on the Air Force network and now has the ability to protect their identity. 

Defense Department networks sustain up to six million attacks per day, said Lt. Gen. Charles E. Croom, Jr., director of the Defense Information Systems Agency and commander of the Joint Task Force-Global Network Operations, in a speech given at the 2007 Armed Forces Communications and Electronics Association SpaceComm conference. 

A digital signature is the same as a signature on a piece of paper; both are legally binding. Digital signatures also assure the recipient of the sender's identity and reaffirm that an e-mail remains unaltered through transmission. 

Message encryption assures the sender that only the intended recipient will have the ability to receive and read the message. 

"An encrypted message uses the information in your [Common Access Card] to lock the message down and only make it accessible to someone with another CAC who accepts your signature off the card," said Senior Airman Jeff Gotcher, 52nd Communication Squadron network security technician. "Network security personnel are constantly staying up-to-date on the newest technology to keep our network running smoothly and with great accessibility." 

In addition to being digitally signed, e-mail messages that contain sensitive but unclassified information or mission-critical information should also be encrypted with the PKI certificates to ensure confidentiality, according to the policy. Examples include e-mails containing For Official Use Only information, Privacy Act information or personally identifiable information. 

"Our network is one of the most expensive assets at Malmstrom as well as for each base in the Air Force," said Senior Airman Brandon Pettersen, 341st CS Web master. "Keeping it clean and running efficiently is a top priority in today's Air Force. We depend on our electronic communications for information gathering, and by allowing the free usage of government machines, you run the risk of viruses and broken equipment that could risk very important information and waste government funds." 

For more information on how and when to use PKI visit the PKI Web site at: https://afpki.lackland.af.mil/html/awareness.asp.  

(Senior Airman Eydie Sakura, 341st Space Wing Public Affairs, contributed to this story). 


Did you know...?
1. ...having base personnel take advantage of the convenience and efficiency of the CAC PIN Reset Workstations strategically located throughout the installation will significantly reduce the number of man-hours lost waiting in line at the Military Personnel Flight just to have a CAC PIN reset? Do you know where your CAC PIN Reset Workstations are? 

2. ...you can log onto the Air Force Portal with your CAC? It eliminates the need to remember additional user names and passwords. 

3. ...you never have to change your CAC PIN unless you feel it's been compromised? The CAC PIN is secure because it is encoded in the microchip of the card, not stored in a password file on the network, and it does not travel across the network when you log onto your workstation. Only you should know your PIN; it should never be shared with anyone, written down, or be a number that is easily associated with you, such as your birth date, phone number, or part of your Social Security number. 

4. ...if your e-mail address changes, such as with a change of duty station, the e-mail signature certificate encoded on the microchip of the ID card must be updated to reflect the change? The Air Force is currently implementing Smart Card Logon, which will require you to log onto your unclassified network with your ID card. The e-mail signature certificate is used by SCL to identify who you are to the network before allowing you access. If the e-mail address is not current, you may encounter logon errors. 

5. ...DoD contractors will be required to log onto the unclassified networks using DoD-issued digital certificates? Contractors working on-site are authorized to be issued a CAC with DoD-approved digital certificates, but external vendors and contractors working off-site will need to acquire digital certificates from one of the DoD-approved External Certificate Authorities. ECA certificates are recognized by DoD networks and applications for logging onto the network and for digitally signing and/or encrypting sensitive but unclassified electronic transactions exchanged with DoD agencies. ECA information can be found at http://iase.disa.mil/pki/eca/.