http://www.gcn.com/online/vol1_no1/46264-1.html By Wilson Dizard III GCN.com 05/15/08 A military cryptology organization has asked the vendor community for advice on some of the technology options available to help upgrade the government's classified communication systems. The Cryptologic Systems Group's Cryptographic Modernization Program Office at Lackland AFB, Texas, issued a request for information (RFI) [1] recently regarding multilevel security (MLS) and multiple independent levels of security. Both of those technologies cover systems that can handle classified information that falls into multiple security categories, including the traditional top-secret-and-above and secret-and-below, in addition to the security barriers between information domains operated by Pentagon agencies and foreign allies. Federal agencies often issue RFIs as they prepare procurement programs for information technology goods and services and other items. RFIs can provide useful insights into government agencies' potential future procurement activities, but the requests do not commit agencies to specific purchases. Also, the agencies frequently modify their procurement plans based on information they gather via the RFI process. Information that prospective vendors provide can alert agencies to newly available technologies, potential stumbling blocks or likely dead ends in the IT acquisition process. The National Security Agency is the Pentagon's lead agency for code development, or cryptography, and code breaking, cryptanalysis. The multilevel crypto work falls under a program run by the Air Force, but technologies the modernization program develops likely will be deployed across various offices in the military and intelligence communities when they receive certification and accreditation from NSA. The May 7 information request includes an annex that describes the government's multilevel crypto IT interests more fully. Some of the pivotal areas of interest are: * Aspects of MLS technologies that could be formulated into industry standards to provide greater efficiency in producing solutions. * How the Trusted Platform Module (TPM) can be used by a real-time operating system. * Specific components that would benefit from Application Specific Integrated Circuits (ASICs) produced by the DOD Trusted Foundry. The RFI shows how parts of its multilevel IT security description overlap with existing NSA projects. NSA's NetTop and High Assurance Platform (HAP), for example, rely on some of the same technologies that the information request provides. For example, the TPM that the RFI refers to forms a part of the HAP standards and specifications package. That package helps define how multilevel systems guard classified information from improper release or exploitation, including: * Asymmetric key generation. * Data encryption and decryption. * Handling the keys that TPMs sign and exchange. The prospect that multilevel systems could use ASICs produced by the Pentagon's own integrated circuit factory, or foundry, points to the crypto community's preference for embedding security features into chips and boards rather than using software to do so. Intelligence community technology specialists saythat preference has gained traction because of the increasingly large and sophisticated malware attacks on DOD systems. The RFI points to the crypto community's drive to create technology standards that would help IT specialists upgrade system security and lower the cost of developing future generations of classified systems. [1] http://preview.tinyurl.com/6j9c6k _______________________________________________ Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Fri May 16 2008 - 01:17:40 PDT