Defense community on same page for secure e-mail

Defense officials and contractors in the United States and United Kingdom recently endorsed standards for secure e-mail circulated by the Transglobal Secure Collaboration Program, the organization has announced.

The transglobal program is a partnership of government and private organizations. Its requirements for secure e-mail were defined and endorsed by the U.S. Defense Department, U.K. Ministry of Defence, BAE Systems Inc., Boeing Co., EADS Corp., Lockheed Martin Corp., Northrop Grumman Corp., Raytheon Co. and Rolls-Royce.

The secure e-mail endorsed consists of commercial solutions, open-source software and a commercial trusted third-party service, CertiPath. "The resulting architecture guarantees that information only travels to and from trusted parties," the organization said in a news release.

"The most basic collaboration tool is e-mail, but it was never designed for security," Jim Cisneros, deputy chief information officer of Future Combat Systems at Boeing and chairman of the transglobal collaboration program, said in a statement. "Trusting the authenticity and accuracy of e-mails is imperative for government organizations, prime contractors and our suppliers to jointly develop new technologies and respond to emerging threats."

In the United States, the new specifications are being aimed for e-mails for "controlled unclassified information," which includes "for official use only" and "sensitive but unclassified" information.

In the United Kingdom, the protocols will be used for handling "U.K. Restricted" information. "Sending 'Restricted' e-mails to allies and suppliers is far more complex than it sounds, requiring a proven architecture behind the scenes to ensure maximum safeguards," John Cook, information advisor to the ministry, said in the news release. "Secure e-mail will become increasingly essential to do business with the Ministry of Defence."

Under the transglobal group's specifications, the secure e-mail system also requires using a public key infrastructure identity management program and end-user encryption. The system is intended to ensure, in real time, that the sender's and receiver's identities are known at a common level of assurance and are both still valid and the underlying identity management systems can be trusted.