[ISN] Pentagon seeks advice on classified systems

From: InfoSec News (alerts@private)
Date: Fri May 16 2008 - 01:04:57 PDT


By Wilson Dizard III

A military cryptology organization has asked the vendor community for 
advice on some of the technology options available to help upgrade the 
government's classified communication systems.

The Cryptologic Systems Group's Cryptographic Modernization Program 
Office at Lackland AFB, Texas, issued a request for information (RFI) 
[1] recently regarding multilevel security (MLS) and multiple 
independent levels of security.

Both of those technologies cover systems that can handle classified 
information that falls into multiple security categories, including the 
traditional top-secret-and-above and secret-and-below, in addition to 
the security barriers between information domains operated by Pentagon 
agencies and foreign allies.

Federal agencies often issue RFIs as they prepare procurement programs 
for information technology goods and services and other items.

RFIs can provide useful insights into government agencies' potential 
future procurement activities, but the requests do not commit agencies 
to specific purchases. Also, the agencies frequently modify their 
procurement plans based on information they gather via the RFI process. 
Information that prospective vendors provide can alert agencies to newly 
available technologies, potential stumbling blocks or likely dead ends 
in the IT acquisition process.

The National Security Agency is the Pentagon's lead agency for code 
development, or cryptography, and code breaking, or cryptanalysis.

The multilevel crypto work falls under a program run by the Air Force, 
but technologies the modernization program develops likely will be 
deployed across various offices in the military and intelligence 
communities when they receive certification and accreditation from NSA.

The May 7 information request includes an annex that describes the 
government's multilevel crypto IT interests more fully.

Some of the pivotal areas of interest are:

    * Aspects of MLS technologies that could be formulated into industry 
      standards to provide greater efficiency in producing solutions.

    * How the Trusted Platform Module (TPM) can be used by a real-time 
      operating system.

    * Specific components that would benefit from Application Specific 
      Integrated Circuits (ASICs) produced by the DOD Trusted Foundry.

The RFI shows how parts of its multilevel IT security description 
overlap with existing NSA projects. NSA's NetTop and High Assurance 
Platform (HAP), for example, rely on some of the same technologies that 
the information request provides.

For example, the TPM that the RFI refers to forms a part of the HAP 
standards and specifications package. That package helps define how 
multilevel systems guard classified information from improper release or 
exploitation, including:

    * Asymmetric key generation.
    * Data encryption and decryption.
    * Handling the keys that TPMs sign and exchange.

The prospect that multilevel systems could use ASICs produced by the 
Pentagon's own integrated circuit factory, or foundry, points to the 
crypto community's preference for embedding security features into chips 
and boards rather than using software to do so.

Intelligence community technology specialists say that preference has 
gained traction because of the increasingly large and sophisticated 
malware attacks on DOD systems.

The RFI points to the crypto community's drive to create technology 
standards that would help IT specialists upgrade system security and 
lower the cost of developing future generations of classified systems.

[1] http://preview.tinyurl.com/6j9c6k

