[ISN] NSA begins crypto upgrade

From: InfoSec News (isnat_private)
Date: Sun Sep 09 2001 - 22:20:49 PDT

  • Next message: InfoSec News: "[ISN] Hacking, youth mark Internet"

    http://www.fcw.com/fcw/articles/2001/0910/news-nsa-09-10-01.asp
    
    By George I. Seffers 
    Sept. 10, 2001
    
    The National Security Agency is beginning a 15-year,
    multibillion-dollar effort to modernize the nation's cryptographic
    systems, which are rapidly growing obsolete and vulnerable.
    
    Cryptographic systems encode messages and include such tools as secure
    telephones, tactical radios and smart cards. Virtually every federal
    department and agencyincluding the military, the White House,
    intelligence agencies and the State Departmentuse encryption.
    
    But existing encryption algorithms are no longer cutting-edge, and
    hardware for many systems is becoming obsolete. Replacing them is a
    top goal for NSA's information assurance directorate, said Michael
    Jacobs, who heads the directorate.
    
    "When it comes to protecting our information, the first line of
    defense is NSA- provided cryptography," said Vice Adm. Richard Mayo,
    Navy director of space, information warfare, command and control,
    speaking before the House Armed Services Committee in May. Mayo said
    the Navy, joint forces and allied militaries have more than "400,000
    such cryptographic products of varying type in our inventory for
    voice, video and data."
    
    "A lot of that [hardware] technology is at or [is] getting to the
    point where you cannot obtain replacement parts, so it's becoming a
    maintenance problem," Jacobs said. He noted that the security features
    in the cryptographic systems"specifically the underlying cryptographic
    algorithms"are nearing the end of their life expectancy.
    
    The agency recently published a cryptography plan and shared its
    vision with 70 potential vendors this summer. NSA will fund early
    development of new technologies under the Crypto Moderni.zation
    Program, and the various departments and agencies will acquire the
    systems once they have been developed.
    
    "Information system security is the name of the game, and if NSA
    cannot guarantee that security, it is a serious problem," said Steven
    Aftergood, intelligence policy analyst for the Federation of American
    Scientists. "It's a problem for everyone who depends on secure
    communications, and that's almost everyone in government."
    
    NSA's budget is classified, but Jacobs said the agency has budgeted
    "multiple millions" of dollars just to update its cryptographic
    systems in 2002 and is seeking to increase funding in its 2003 to 2008
    budget plan.
    
    "We're at the front end of this process, which in terms of dollar
    value is a lot smaller than the middle and back end, where acquisition
    starts," Jacobs said.
    
    Agency officials must decide which families of equipment they
    initially want to modify or replace; the first modernized products
    will likely be delivered in 2004.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Sep 10 2001 - 00:24:56 PDT