The Transglobal Secure Collaboration Program (TSCP) - an IT security standards consortium that includes heavyweights such as the US Department of Defense (DoD) and many of the largest government contractors in the world, is looking to broaden its ranks.
The TSCP - founded in 2002 with the goal of bringing together government entities and members of the aerospace and defence industries to establish guidelines for secure collaboration - said on 14 August that is now looking to bring in systems integrators and software developers.
Along with the DoD, the TSCP counts the US General Services Administration, the UK Ministry of Defence and the Netherlands Ministry of Defence among its existing government participants. Vendors involved in the effort include BAE Systems, Boeing, EADS/Airbus, Lockheed Martin, Northrop Grumman, Raytheon and Rolls-Royce.
The TSCP's charter calls for its members to establish specifications for secure online collaboration, identity federation and digital rights management technologies to build common ground across those areas as they work together on sensitive projects.
TSCP leaders maintain that by getting all the parties involved to the same table to establish security standards for issues such as email encryption, the governments and contractors will save vast amounts of time and money that may have otherwise been spent working on proprietary systems.
"Involvement in the group is sort of like binding arbitration, in the sense that the members have promised to contribute to these specifications and establish central guidelines to adhere to," said Jeff Nigriny, outreach director for TSCP and chief operating officer of CertiPath, which provides PKI management technology to the group.
"The only way to foster interoperability among these large players is to get them to agree on standards," he said. "We have some real technological fights, and some companies involved have been forced to throw things out that they've used in the past, but there's value in bringing this group together to address secure communications and collaboration."
In 2007, TSCP has focused primarily on building guidelines for secure e-mail and federated document sharing. Creating the standards will help the participants address both security and compliance issues, said Nigriny, in particular as the involved parties continue to embrace greater levels of outsourcing and shared infrastructure.
Once the policies have been approved, they will also be shared with the public.
At present, the group is in the process of implementing its secure e-mail guidelines, which are aimed at helping the various parties involved agree on common policies for handling messaging encryption.
Digital certificates and PKI systems have long suffered from a lack of central repositories, making it hard for workers to communicate across multiple organisations, Nigriny said.