New e-mail policy on the horizon

  • Published
  • By Master Sgt. Keith Rogers
  • 4th Communications Squadron
In the upcoming months, Seymour Johnson will take another step toward ensuring the Air Force gets the upper hand in the battle for cyberspace superiority. 

A new policy, officially called the Air Force Public Key Infrastructure (PKI) Policy on Encrypting and Digitally Signing E-mails, will be implemented to help minimize operational security vulnerabilities by limiting email access to only its intended recipient.
Within the last 10 to 15 years, Air Force personnel have grown more reliant on global communications. Unfortunately, the means by which we communicate and the information that we transmit are extremely vulnerable to crimes like eavesdropping, identity theft, hackers, viruses and other known and unknown threats. These threats present a hindrance to our ability to provide "air power, on-target, on-time, for America," which in turn threatens our ability to maintain air and space superiority. 

In an effort to counter these threats, the Air Force is enhancing existing information security defenses as well as implementing new measures, like PKI, to increase our information security posture and secure the integrity of our data networks. 

PKI is a combination of hardware, software and policies that allow users to send and receive e-mail. It uses a Common Access Card (CAC) to store digital signatures and encryption keys, which can be accessed as needed to encrypt and digitally sign a user's information. 

A digital signature will act the same as a signature on a piece of paper and is legally binding. 

The message encryption portion of PKI assures the sender that only the intended recipient will have the ability to read the message. 

When used properly, PKI will verify that users are who they say they are, protect your data from unauthorized modification during transmission, storage and processing, provide assurance that a sender of a digitally signed email is legally bound by the transaction and protect data from unauthorized viewing. 

While not mandatory for every e-mail that a person sends, Air Force policy does have some instances when digital signature and encryption is mandatory. 

According to the policy, PKI is mandatory when conducting official Air Force business through electronic means. Other examples on when to use digital signatures include formal direction to a government employee or contractor, messages that stipulate an Air Force official position on any matter and messages that commit to, authorize or deny the use of funds in some manner. 

When e-mail messages contain sensitive, but unclassified information or mission critical information, the e-mail must also be encrypted with the PKI certificates to ensure confidentiality. Examples of these types of e-mails include e-mails containing For Official Use Only information, Privacy Act Information or personally identifiable information. Though this is an effective means of protecting our information there are still some limitations to its use. 

It is important to note that the encryption and digital signature features are not automatically enabled when users log onto the network using your CAC. Either or both of these two functions must be specifically enabled for each email that falls under the mandatory PKI use guidelines. CAC-exempt users will need to use their CAC in order to use these critical security features. 

Users of wireless handheld devices (e.g. BlackBerry, other PDA devices) will not be able to view or forward e-mail that has been encrypted and/or digitally signed unless additional hardware and software are installed. Personnel are cautioned to be watchful of the message content when creating e-mail using these devices, to ensure that it does not fall under mandatory PKI use guidelines. The additional hardware and software to enable wireless handheld users to take full advantage of PKI is available and currently costs approximately $350. These items are unit funded and more information can be obtained by contacting the base equipment control officer at 722-5529. 

With the rapid changes in the information technology spectrum, the Air Force is taking the lead to establish air, space and now cyberspace dominance. The Secretary of the Air Force states in his Letter to Airmen on Cyberspace Operations, "Just as Billy Mitchell endeavored to prove the potential of air power to a skeptical nation, we must now prove the critical importance of cyberspace as a war fighting domain." 

To achieve cyberspace dominance we rely on the AF core competency of information superiority. To achieve information superiority we have to rely on each AF member to protect our information and deny the enemy any advantage in operations. 

For more information on PKI visit the PKI Web site at: https://afpki.lackland.af.mil/html/awareness.asp.