The Transglobal Secure Collaboration Program (TSCP), an IT security standards consortium that includes heavyweights such as the U.S. Department of Defense (DoD) and many of the largest government contractors in the world, is looking to broaden its ranks.
The TSCP -- founded in 2002 with the goal of bringing together government entities and members of the aerospace and defense industries to establish guidelines for secure collaboration -- said on Aug. 14 that is now looking to bring in systems integrators and software developers.
Along with the DoD, the TSCP counts the U.S. General Services Administration, the U.K. Ministry of Defense, and the Netherlands Ministry of Defense among its existing government participants. Vendors involved in the effort include BAE Systems, Boeing, EADS/Airbus, Lockheed Martin, Northrop Grumman, Raytheon, and Rolls-Royce.
The TSCP's charter calls for its members to establish specifications for secure online collaboration, identity federation, and digital rights management technologies to build common ground across those areas as they work together on sensitive projects.
TSCP leaders maintain that by getting all the parties involved to the same table to establish security standards for issues such as e-mail encryption, the governments and contractors will save vast amounts of time and money that may have otherwise been spent working on proprietary systems.
"Involvement in the group is sort of like binding arbitration, in the sense that the members have promised to contribute to these specifications and establish central guidelines to adhere to," said Jeff Nigriny, outreach director for TSCP and chief operating officer of CertiPath, which provides PKI management technology to the group.
"The only way to foster interoperability among these large players is to get them to agree on standards," he said. "We have some real technological fights, and some companies involved have been forced to throw things out that they've used in the past, but there's value in bringing this group together to address secure communications and collaboration."
In 2007, TSCP has focused primarily on building guidelines for secure e-mail and federated document sharing. Creating the standards will help the participants address both security and compliance issues, said Nigriny, in particular as the involved parties continue to embrace greater levels of outsourcing and shared infrastructure.
Once the policies have been approved, they will also be shared with the public.
At present, the group is in the process of implementing its secure e-mail guidelines, which are aimed at helping the various parties involved agree on common policies for handling messaging encryption.
Digital certificates and PKI systems have long suffered from a lack of central repositories, making it hard for workers to communicate across multiple organizations, Nigriny said.
By eliminating the need to move information over individual classified networks operated by the participants through use of a Web-based specification that handles behind-the-scenes processing of different PKI and LDAP systems, he said, the groups have been able to streamline communications considerably.
The TSCP secure e-mail guideline is expected to be adopted by all consortium members by the fourth quarter of 2007, after more than 18 months of joint work on the standard.