The Army is automating digital certificate monitoring in the field
- By Kevin McCaney
- Aug 10, 2016
As soldiers get more connected on the battlefield, they also have to carry more connected devices, which can create a problem in making sure those devices are authenticated and secure.
At the moment, it’s a largely manual process in which soldiers must remove the certificates from each of their devices to check the expiration date on the certificate. The certificates ensure that the user is who he says he is and that the data on the device is valid and hasn’t been altered, so that an encrypted session can follow. But that manual process can put a crimp in things during a mission, particularly if a certificate expires before the date is noticed.
Soldiers ran into this problem, for instance, during this spring’s Cyber Blitz exercise, in which the Army explored how cyber activities and electronic warfare played into realistic training scenarios.
One way to make life easier for device-laden soldiers is turning over certificate-monitoring duties to a tool called Public Key Infrastructure in a Tactical Environment, or PKITE, which automatically gathers information on the devices’ certificates, plugs that data into a dashboard that soldiers can check, and alerts a soldier when a certificate is due to expire.
Developed by the Army’s Communications-Electronics Research, Development and Engineering Center, PKITE recently was transitioned to Program Executive Office Command, Control, Communications-Tactical, as a program of record for the next iteration of the Army’s battlefield network, the Warfighter Information Network – Tactical, or WIN-T, Increment 3, CERDEC said in a release.
“One of the major challenges the Army has faced as we start to put certificates on devices is that it is a very manual process for the soldier to go to each device, look at the certificate, and say ‘Oh, it’s going to expire in six months’,” said Bob Fedorchak of CERDEC’s Space and Terrestrial Communications Directorate, or S&TCD. “Right now, it’s completely manual, but we have automated that process by providing soldiers with a Web service that allows them to monitor the certificates automatically.”
During Cyber Blitz, the Army tested the system with two groups—a sort of control group that did things the old-fashioned, manual way and a group equipped with PKITE. The first group ran into two failures, and while one of them was fairly easy to work around, the second involved a lot more time, the Army said. PKITE, on the other hand, kept the automations officer apprised of certificates’ expiration dates, allowing for timely replacements.
PKITE currently is in Version 1.0, and CERDEC plans to develop upgrades and other services, although the center will not be part of the program office’s official program.
Kevin McCaney is a former editor of Defense Systems and GCN.