Securing Trust in the Aerospace and Defense Supply Chain

Boeing obtains first cross-certification as CertiPath's "trusted bridge" goes live to securely link A&D contractors with one another, key U.S. government agencies

Mountain View, CA  May 19, 2006  B2B connectivity platform CertiPath went live today, launching as the aerospace and defense (A&D) industry's first secure "bridge" directly linking commercial contractors with one another and more than 500,000 colleagues at key government agencies, including the Department of Homeland Security and the Treasury and State Departments.

Boeing became the first company to receive cross-certification in this commercial-to-government "trust chain" at a ceremony held at VeriSign's network headquarters today.

By linking to the established U.S. Federal Bridge Certificate Authority (FBCA), the CertiPath bridge is intended to create a many-to-many trust relationship that gives aerospace and defense contractors a reliable, trusted way to exchange information securely among themselves and with various federal agencies.

CertiPath believes it is on the path to becoming the industry's de facto access point to all federal agencies for the commercial A&D market, as well as a key component of industry and government-wide single sign-on. CertiPath's approach is intended to streamline collaborative engineering, using digital signatures to secure document and e-mail exchanges and any transactions requiring a high assurance of someone's identity.

"We're committed to streamlining the process of doing business with the federal government," said Dr. Peter Alterman, Chair of the Federal PKI Policy Authority. "CertiPath delivers a huge payback. Agencies and contractors can come together to move projects forward with the highest level of assurance and security, and with much less bureaucracy."

CertiPath is a joint venture of ARINC, Exostar, LLC and SITA, three of the world's top service providers to the A&D industry. The six charter member companies  Boeing, Lockheed Martin, BAE Systems, Raytheon, Northrop Grumman and EADS/Airbus  have more than 1 million employees and 20,000 suppliers.

Boeing Takes the First Step

Before the CertiPath Bridge, each employee, on each project, required distinct and unique identity certification. Every time companies collaborated on a new project, the layers of required certification multiplied. CertiPath said it eliminates this overhead by providing assurance that its members' vetted, self-issued secure identities can be relied on by partners, suppliers and customers  including government agencies. It also supports international government authorities and their contactors.

"CertiPath instantly revs up the efficiency of collaboration in the A&D industry," said Jeff Nigriny, president and chief technology officer of CertiPath. "We're eliminating the hidden cost of managing the millions of specific project and program identities and passwords that are often lost, forgotten or out-of-date, but still active."

Like many A&D companies, Boeing offers its 153,000 employees multiple levels of trusted access, including use of its internal public key infrastructure (PKI). CertiPath said it lets Boeing leverage that investment to collaborate much more securely with its business partners.

"Cross-certification with the CertiPath Bridge is a major step in both facilitating and securing communications between Boeing and our many customers and suppliers," said Janet Marott, director of information protection and assurance at Boeing. "We view this capability as absolutely critical because it establishes verifiable chains of trust through CertiPath without causing Boeing to have to verify trust with each and every business partner."

The formal production key ceremony occurred this week at VeriSign's network headquarters here, where CertiPath exchanged digital cross-certificates with the U.S. Federal Bridge CA and Boeing. VeriSign creates the PKI certificates for CertiPath that enable the bridge-to-bridge trust.

How It Works

CertiPath members' employees and contractors can use their single high-value credential, enabled by the bridge, to access any point. The bridge is the first offering from CertiPath, and meets federal agencies' stringent requirements for medium- and high-assurance certification.

CertiPath said that provides these secure, trusted identities by enforcing a common standard across all of its member companies. It correlates hundreds of policy mapping points for each organization, including technical, governance and procedural controls around physical and logical access to the identity management infrastructure.

It supports many aspects of the Federal Information Processing Standard (FIPS) 201, designed to improve the identification and authentication of federal employees and contractors for access to federal facilities and information systems. The first phase goes into effect this October.

"Once you know who someone really is in an online environment, you want to be sure that the information they're allowed to receive is really getting to them," said Nigriny. "We're delivering a way to provide credentials far more secure than any password with far more reach."

---

Additional Articles of Interest

 For the latest facts, figures and benchmarking data from the supply chain industry, read the "Running the Numbers column in the April/May 2006 issue of Supply & Demand Chain Executive.

 For a quick-read update on supply chain enablement projects and solutions for the busy executive, read the "Supply Chain Executive Briefing" in the April/May 2006 issue of Supply & Demand Chain Executive.

---