30 December 1998
Source:
http://www.ccic.gov/pubs/blue99/hecc.html
MARQUISE
In FY 1999, NSA will flight test SOLITAIRE, the embedded high performance
computer prototype developed under the MARQUISE program, on an Air Force
aircraft. The agency will continue research on miniaturized, spray cooled,
and embedded diamond power supplies. In FY 1999, NSA expects to demonstrate
a 48-Volt to 2.8-Volt @ 200 Amps high-efficiency power converter with a power
density of 2 Kwatts/inch3.
NSA continues to conduct research in embedded scalable nodes (the follow-on
architecture to MARQUISE) for mission scenarios, and has selected three potential
repackaging implementations that could make a 100 percent software-compatible,
miniaturized high performance computer available six months after the
introduction of the commercial computer.
The SOLITAIRE board contains a complete SGI/CRAY J90
System Element, which includes four vector processors, network crossbar,
I/O, and 1/2 Gbyte of dynamic random access memory (DRAM). There are nine
diamond based die cast multichip modules (MCMs) mounted on one side of the
board and eight die cast MCMs mounted on the reverse side. SOLITAIRE represents
a new achievement in double sided board column grid attachment, featuring
over 25,000 connections between the modules and the board. This repackaging
implementation of the System Element is 80 percent smaller and 75 percent
lighter than the commercial product, and concentrates 500 Watts onto a 10
inch square board.
Microelectronics in
high speed computing
Related NSA research areas include synthetic diamond packaging technology,
all-optical switching, and optoelectronic integrated circuit packaging
technology. Other activities include:
-
Point-of-use power conversion for power reduction
-
Area array I/O design studies for low power implementations of high performance
MCM
-
Very high level programmable accelerator plug-ins for standard architectures
Pictured to the left is a 128x128 superconductive
crossbar switch. The switch matrix is mounted on the 4"-diameter MCM and
maintained at 4 degrees Kelvin temperature. It is connected to its
room-temperature environment by an eight multichannel electrical cable.
A spray cooled dc/dc converter can supply an impressive 200
W/in3. This magnitude of miniaturization allows tight integration
of the power converter and electronics in a shared environment. Point of
load conversion eliminates heavy bus bars and rigid cables by distributing
power at high voltage and low current. Spray cooling results in relaxed device
specifications and improved reliability due to reduced operating junction
temperatures and thermal gradient. A 28 vdc/4 vdc spray cooled converter
is pictured to the left.
UPC
NSA's Center for Computing Sciences (CCS), in partnership with the University
of California at Berkeley and Lawrence Livermore National Laboratory, is
developing UPC, a language that combines features of the CCS-developed AC
with features of Split-C and PCP, two other parallel C languages. UPC represents
an attempt to develop a base language that could become a standard for
explicitly-parallel C. UPC extends AC in three ways:
-
It adds keywords that enable programmers to control memory consistency to
balance safety and performance.
-
It enables blocking of arrays across processors to improve the performance
and ease of programming for select applications.
-
It introduces a "forall" concept to handle load balancing in loops that can
be executed in parallel.
Quantum Computing
In FY 1998 and 1999, NSA will continue fundamental exploratory studies in
quantum computation theory and experimentation, including algorithms and
complexity theory, quantum error correction techniques, quantum decoherence
processes, and small scale laboratory implementations.
HTMT
NSA's Hybrid Technology Multithreaded (HTMT) architecture effort is a
collaborative project among a dozen research groups (Caltech/JPL, University
of Delaware, SUNY Stony Brook, University of Notre Dame, Princeton University
plus an association of other government and industry labs). The objective
is to define a very high performance computer system that can reach a petaflop
level of performance in significantly less time than a conventional approach.
HTMT will be based on a unique multithreaded execution model and will use
a combination of leading-edge technologies, including superconducting technology,
high-speed VLSI semiconductor technology, optical interconnect, and storage
technology. The system is expected to be used in several critical high
performance applications of national strategic importance over the next decade.
An initial study of the original HTMT concept was funded by NSF and NASA
in 1996-1997. A comprehensive design study of HTMT is now sponsored by DARPA,
NSA and NASA, and is managed through Caltech and JPL. The research being
performed at University of Delaware is focused on the program execution and
architecture model of HTMT.
High speed circuits
NSA is conducting research to determine whether electronics can handle the
100 Gb/s serial data rates of fiber optic links. Uses include Tb/sec data
transfer.
RES, JACKAL, and LOTS
RES, a system developed in 1991-1992 with NSA HPCC funds, was designed to
harness "idle" workstations. It is seeing increasingly widespread use and
is the subject of continuing enhancement.
JACKAL is a cliche-based software reverse-engineering research system (where
a "cliche" is an "interesting" piece of code). Input to JACKAL is a high-level
abstract language translation of source code (when available) or decompiled
code. JACKAL uses tree-matching and string-matching algorithms to identify
cliches.
Archival store for I/O is a major element in all computing systems. NSA is
developing LOTS, an optical tape system with ten times the storage per tape
and at least ten times the input data rate compared with conventional large
stores.
Source:
http://www.ccic.gov/pubs/blue99/hcs.html
Information security
NSA's Information Security (INFOSEC) Research Program continues to deliver
a broad range of security technology solutions. Fundamental mathematical
work in cryptography, including elliptic curve technology, has produced more
secure and efficient algorithms for privacy protection and authentication,
while analytic work in electronic cash technology has provided valuable guidance
to the financial and legal communities. NSA has provided demonstrations and
standards developments to ease the integration of security services into
commercial products and services. Engineering breakthroughs in high speed/low
power electronics and in optical encryption technology will provide the
foundation for emerging high performance communication systems. Improved
biometric authentication techniques are finding widespread acceptance for
improving government and commercial access control systems. Security enhancements
for next generation operating systems and for object technology have been
developed and transferred to the R&D community. New visualization and
risk assessment tools have been developed and applied to assessing system
security. Finally, NSA has established cooperation across the INFOSEC research
community to address network security.
NSA has developed a technology forecast and set of challenge problems that
focus on the development of a high assurance computing platform, technology
for secure internetworking, and technologies needed for a high assurance
security management infrastructure. The technology needs and gaps of these
challenge problems will direct the bulk of NSA's INFOSEC research resources.
Problem areas that need to be addressed include the development of system
security engineering methods to specify and design security characteristics
into a system; the management of network security and the development of
an infrastructure to support that management; tools and techniques to detect
and respond to local and national level attacks on critical information systems
and infrastructure components; the development of strong mechanisms to allow
the controlled sharing of information among disparate communities; and improved
assurance technology for increasing the level of trust in the secure operation
of system hardware, software, and procedures. Following are some highlights:
-
NSA is conducting research on technologies for high-speed encryption. In
1997, NSA engineers, in collaboration with DOE's Sandia National Laboratory,
completed the design for an ATM encryptor that operates at 10 Gbps. In 1998
they evaluate the vulnerability of the chip, which will be a follow-on to
the FASTLANE ATM encryptor. This design is capable of context (key, algorithm,
mode) agility rather than simply key agility.
-
NSA scientists have invented a process for fabricating etched mirrors on
semiconductor laser surfaces, a process necessary to cascade optical logic
gates on a single chip, and an advancement needed for the development of
an all-optical encryptor.
-
NSA has authored the Internet Security Association and Key Management Protocol
(ISAKMP), an Internet draft standard. NSA researchers are modeling ISAKMP
and analyzing it for completeness and security. The model contains more than
100 different data flow diagrams, state transition diagrams, and
mini-specifications. Included within the more than 50 state transition diagrams
are 250 states and over 600 state transitions. Future modeling will include
interaction of ISAKMP with other protocols.
-
NSA contracted with Virtual Motion Inc. to deliver a driver with a protocol
structure that enables a laptop user to encrypt network data independent
of the particular vendor's wired or wireless PC card. This improves the original
idea of modifying each vendor's device driver to operate with a Fortezza
encryption card. A wireless local-area network was also developed that uses
the Fortezza card for security.
National Information
Assurance Partnership
program and Role-Based
Access Control
Under the NIAP program, NIST has partnered with NSA to establish a center
to foster the development of formal laboratories to test and certify security
products against published formal specifications. This program will help
ensure that both vendors and users can cite third-party assurance of the
functionality and quality of security products and systems.
In the complex information technology environment, the careful and correct
specification of rules to control access to online documents, capabilities,
or systems has become critical -- and increasingly difficult. While traditional
access control methods focus on individual users, files, or other system
objects, management of access in the real world is more often based on the
role that a user assumes. NIST has pioneered the new RBAC model that better
meets the needs of user organizations and is implementing it in environments,
including a Web-based application.
Source:
http://www.ccic.gov/pubs/ip98.pdf
NSA will flight test MARQUISE (the embedded High Performance Computer) on
Air Force and Navy aircraft. The agency will continue research on a miniaturized
spray cooled embedded diamond power supply and on embedded scalable nodes
(follow-on architecture to MARQUISE) for mission scenarios. NSA will continue
joint NSA/University of Maryland research on microelectronics applied to
high speed computing, including very high speed (many Gb/s) optoelectronic
devices and systems using 1.5 micron WDM interconnect technology. The program
supports research on new electronic (Si) structures for future very high
speed, high density very large scale integration (VLSI) with feature sizes
well below 0.1 micron and supports research in silicon surface science.
Research also includes synthetic diamond packaging technology, all-optical
switching, and optoelectronic integrated circuit (IC) packaging technology.
Expected FY 1998 accomplishments include point-of-use power conversion (for
power reduction), area array I/O design studies for low power implementations
of high performance multichip module (MCM), and studying and prototyping
very high level programmable accelerator plug-ins for standard architectures.
FY 1998 efforts will continue research in quantum computing in association
with NIST, DOE laboratories, and other research agencies.
-
Create a prototype for a powerful, mobile, front-end processor that supports
high capacity I/O, high performance computing, high utilization of peak processor
performance (50 to 80 percent), and is programmable in a high level language
such as C or C++.
-
Develop a multi-gigabit per second crossbar switch for supercomputer and
data transfer applications. This work is to demonstrate a 128x128 crossbar
switch with 2.5 Gb/s per port data rate and a latency less than 10 ns. The
device technology is cryogenic superconductive digital circuits. The final
system components will be selected and assembly begun during FY 1997 and
continue through FY 1998 for an FY 1999 delivery of:
· An operational 128 X 128 superconductive crossbar switch
· A 100 Gb/s serial to parallel device with clock recovery
· Two types of 16 Kb subnanosecond access-time memory chips—one
room temperature and one superconductive.
NSA will continue its very high speed networking R&D by applying the
latest technologies to inter-agency testbeds that can be migrated to deployment.
Enabling technologies such as materials and photonics research are being
studied for new capabilities to speed processing power and enhance sensitivity.
In FY 1998, NSA expects to have in place all the parts necessary for a truly
Gb/s Internet, capable of supporting multiple individual data streams, each
at 2.4 Gb/s, over ATM and IP. Installation of all-optical networks will begin.
The Washington, DC, area ATDnet will act as a public network capable of
interconnection with an all-optical (crossbar) network, acting as a DoD private
network, as well as use individual wavelengths for support of "legacy" ATM
networks.
NSA will demonstrate solutions to high assurance configurable security
architectures. NSA will continue constructing prototypes to enable the efficient
replacement of security policies and security mechanisms with minimal impact
on system service or assurance. Research solutions will be integrated into
future commercial technology via collaboration with various research labs.
This effort will include: integration of security research results into advanced
operating system technologies; creation of system framework for flexible
authentication services; and securing computing related to distributed and
mobile computing. NSA will continue development of functional devices including
core cryptographic processors, numeric processors, high speed memories, and
test and characterization devices. It will also explore related silicon
technologies that employ high speed, low power characteristics.
National Security Agency
The National Security Agency (NSA) has traditionally influenced and been
a very early and sophisticated user of the highest performance commercial
computer, storage, and networking systems. For these reasons, NSA actively
participated in the original HPCC studies which led to the Federal HPCC program.
Through the entire period of growth of high performance computing and networking,
spanning several decades, NSA has stimulated both industry and academia with
some of the most challenging problems in the nation. A number of major U.S.
computer companies are now using hardware and software technology in their
products which originated at NSA. This role must continue, both to assure
the availability of increasingly higher performance systems to meet the nation's
national security interests and to ensure that benefits of NSA's activities
accrue to the overall advantage of the industry and the satisfaction of other
HPCC Grand Challenges.
NSA will continue to pursue high performance computing and very high speed
networks in order to perform its mission. Many of these programs will also
contribute directly to the overall goals of HPCC. NSA sponsors divisions
of the Institute for Defense Analyses (an FFRDC) to do most of this research.
Results of programs and external drivers have led to revised priorities and
funding levels for the supercomputing, superconducting, and very high speed
research programs.
Source: "Trust in Cyberspace"
http://jya.com/tic.htm
Since information about the NSA R2 research program is less-widely available
than for relevant programs at DARPA and other federal agencies, the entire
committee visited NSA for a more in-depth examination of R2's research program;
subsequent meetings involving NSA R2 personnel and a subset of the committee
provided still further input to the study.
***
NSA funds information security research through R2 and other of its
organizational units. The present study deals exclusively with R2. In contrast
to DARPA, NSA R2 consumes a large portion of its budget internally, including
significant expenditures on nonresearch activities. NSA's two missions-
protecting U.S. sensitive information and acquiring foreign intelligence
information-can confound its interactions with others in the promotion of
trustworthiness. Its defensive mission makes knowing how to protect systems
paramount; its offensive need to exploit system vulnerabilities can inhibit
its sharing of knowledge. This tension is not new. What is relevant for future
effort is the lingering distrust for the agency in the academic research
community and some quarters of industry, which has had a negative impact
on R2' s efforts at outreach. The rise of NISs creates new needs for expertise
in computer systems that NSA is challenged to develop internally and procure
externally. R2's difficulty in recruiting and retaining highly qualified
technical research staff is a reason for "outsourcing" research, when highly
skilled research staff are available elsewhere. R2's effectiveness depends
on better leveraging of talent both outside and inside the organization.
***
Within the federal government, external research relating to information
systems trustworthiness is coordinated by the interagency Computing, Information,
and Communications (CIC) R&D Subcommittee. About 12 federal departments
and agencies participate in coordinating program planning, budgeting, and
review. The CIC R&D Subcommittee is divided into five components and
trustworthiness activity is largely associated with the High Confidence Systems
(HCS) component.87 n terms of research support,
NSA and DARPA dominate the CIC agencies involved with HCS, with FY 1997 spending
listed as $7.3 million and $10 million, respectively, out of a $30 million
component total. Other components include High End Computing and Computation,
Large Scale Networking, Human Centered Systems, and Education, Training,
and Human Resources -- each of which can contribute to or be affected by
trustworthiness.
***
The federal government has sought to promote coordination among entities
on trustworthiness R&D, and it has linked defense and civilian and mission
and research agencies through the HCS working group. There is also an evolving
information security (infosec) research council that includes DARPA, DISA,
NSA, NIST, DOE, the CIA, and the military services. The PCCIP has recommended
additional interagency coordination structures, building on the teams it
assembled while conducting its work.88
The focused coordination effort comes from the DARPA-NSA-DISA Joint Technology
Office (JTO). Specifically, the role of the Information Systems Security
Research-Joint Technology Office (ISSR-JTO) is "to optimize use of the limited
research funds available, and strengthen the responsiveness of the programs
to DISA, expediting delivery of technologies that meet DISA's requirements
to safeguard the confidentiality, integrity, authenticity, and availability
of data in Department of Defense information systems, provide a robust first
line of defense for defensive information warfare, and permit electronic
commerce between the Department of Defense and its
contractors."89
National Security Agency
The National Security Agency is responsible for (1) providing intelligence
through the interception, collection, decryption, translation, and processing
of foreign communications signals and (2) developing cryptographic and other
information security techniques to protect classified and unclassified (but
sensitive) U.S. communications and computer systems associated with national
security.90 In support of its information
security mission, the NSA has historically developed very high quality
cryptographic equipment and keying material for the Department of Defense
and other customers in the U.S. government (e.g., the State Department).
For years, the primary focus of the NSA was on protecting the confidentiality
of communications. As the boundary between communications and computing has
blurred, the NSA has focused its protection on information security rather
than more narrowly on communications security (see Box
6.6).
The growing dependence on COTS technology in the DOD necessitates a strong
NSA interest in COTS trustworthiness and the integration of cryptography
into COTS products. NSA's special customer market is small enough and the
potential for NSA control is sufficient to discourage many producers of COTS
products from meeting NSA's special needs directly; because of its low and
shrinking influence on the market, NSA needs to understand and work with
COTS technology and vendors. The shift to COTS products raises questions
about the scope of national security concerns and what they imply for technology
strategies to meet the needs of national security entities, the primary client
of NSA.
Partnerships with Industry
Increasingly, partnering with industry is seen as an approach for lowering
government research costs, ensuring the relevance of solutions, and expediting
the transfer of research into products. On the other hand, anecdotal
evidence91 points to concerns about the direct
and opportunity costs of engineering efforts that respond to NSA's concerns
without generating products that see widespread use (Mayfield et al., 1997).
Meanwhile, growing recognition of the need for trustworthiness combined with
increased dependence on NISs continues to lead more organizations (e.g.,
banks) with high levels of concern about information security to approach
NSA for consultation and assistance. The National Computer Security Center
was formed by NSA in the early 1980s as a communications conduit for information
security technology. More recently, the NSA National Cryptologic Strategy
described and encouraged a "zone of cooperation" among the law enforcement
and national security communities, the public sector generally, and the private
sector.
Another example of reaching out is the NSA effort in the early 1990s concerning
the Multilevel Information Systems Security Initiative (MISSI), which was
originally intended to provide a set of products and an architectural framework
that would facilitate the development of multilevel secure NISs. A key aspect
of MISSI was to promote broader use of Fortezza
technology92 through partnerships with industry.
MISSI embodied the view that secure hardware and software had to be developed
together, something that the COTS market eschews. For this and other reasons,
it is widely acknowledged that MISSI was both a technical and marketplace
failure; nevertheless, the multilevel security concerns embodied in MISSI
-- that truly secure solutions require integrated approaches -- continue
to shape NSA management thinking.93 An alternate
way to leverage COTS technology is through the development of standards,
such as common application programming interfaces (APIs) that permit the
development and use of security products with differing strength. Such standards
have promise in satisfying the needs of diverse communities of security
customers. The use of APIs seems to the committee to be more appealing to
industry than MISSI, although acknowledging that APIs and MISSI are not directly
comparable because APIs do not address system security or assurance issues.
However, APIs are consistent with the notion that successful solutions in
industry are likely to be add-ons, rather than integrative solutions.
Furthermore, some APIs, notably those for cryptographic functions, can run
afoul of export control restrictions.
The U.S. Trusted Computer System Evaluation Criteria (TCSEC) effort represents
a further attempt by NSA to partner with the private sector. In this area,
NSA insisted on specific conceptual models and corresponding technology,
such as the information flow security models for access control at higher
levels of the TCSEC. The result was a different and more costly orientation
to authentication and access control than evidenced by policy models apparent
in industry. No commercially viable products emerged from this effort, and
today it is regarded as essentially irrelevant to current COTS information
technology.
The effectiveness of such outreach efforts has been limited in the past by
such factors as public mistrust of a historically secretive agency; the lack
of public awareness, understanding, and support for the TCSEC and Evaluated
Product List; and the ambiguity inherent in a public outreach arm in an agency
constrained by statute to national security interests (CSTB, 1991). Current
efforts may prove more successful, but they must overcome a legacy of suspicion
originating in NSA's traditional secrecy as well as its role in controversies
surrounding such efforts as the TCSEC, Clipper chip/Fortezza, and its desires
for controls on exports of information security
devices.94
Other factors inhibit cooperation between NSA and the private sector. The
environment in which private-sector information security needs are manifested
may be different enough from the defense and foreign policy worlds that these
technologies may not be particularly relevant in practice to the private
sector. Furthermore, the rapid pace of commercial developments in information
technology may make it difficult for the private sector to use technologies
developed for national security purposes in a less rapidly changing environment
(CSTB, 1996).
R2 Program
To support its mission, NSA funds and conducts research through an organization
called R, which has research subunits and staff groups that provide support
for technology forecasting and infosec research outreach. R2 is the NSA research
subunit responsible for information security research programs; it is organized
into three research divisions: cryptography, engineering, and computer science.
In 1997 R2 had over 100 staff and a contracting budget in the tens of millions
of dollars, a portion of which is coordinated with DARPA.
The major foci of R2 research are enumerated in Box 6.7.
The dominant areas of R2 research are secure communications technology, assurance
technology, and security management
infrastructure.96 Although cryptography has
been the centerpiece of NSA's communication security products and is the
dominant technique for providing security within NISs, cryptography was not
identified as a dominant emphasis. Classified research and research performed
by other NSA research elements and other government and government-supported
research organizations presumably provide research support to NSA in this
area.
The NSA and its R2 organization have developed close working relationships
with a group of companies and organizations that have acquired a significant
understanding of NSA's goals and the technologies involved in satisfying
those goals. A large portion of the research work funded by R2 is conducted
by selected contractors, federally funded research and development centers
(FFRDCs), and researchers at national laboratories (e.g., work on quantum
cryptography, an example of the more fundamental work supported by R2). Although
R2 does not, for the most part, use the same open solicitation process used
by DARPA, for example, it does review and sometimes funds proposals submitted
to DARPA. Such coordination is a goal of the JTO.
R2's small University Research Program (URP) publishes open solicitations
for research and provides modest security-related contracts ($50,000 to $100,000)
to principal investigators in a number of colleges and universities. The
program is intended to encourage professors to work in computer and
communications security, although published results have not been noteworthy.
For example, R2 has supported operating systems (OS) work that its management
recognizes has not affected mainstream OS work and formal methods work that
also has had limited impact (e.g., formal verification tools have not been
developed as hoped for).
In a recent study (Anderson et al., 1998), 45 NSA-funded projects in the
area of information system security and survivability were identified. Although
the enumeration may not be comprehensive, it does indicate the nature and
scope of the research funded by NSA (see Appendix J).
Of R2's contract funds, a significant portion goes to support nonresearch
activities such as participation in standards-setting organizations (e.g.,
the Internet Engineering Task Force, where R2 contributed the ISAKMP protocol
to the IPsec standards effort), consortia membership (e.g., the ATM Forum,
where R2 also contributed to security protocol standards), and support for
infosec education (e.g., Biometrics consortium, Network Security Management
Forum, and support for infosec studies at the Naval Postgraduate School and
the University of Maryland). Numerous activities, both external and contract
funded, are focused on understanding and assessing various products and
technologies (e.g., hacker tools, cryptography for electronic-cash). R2 also
supports several efforts to modify COTS products to incorporate new or expanded
security functionality (e.g., biometrics access controls and intrusion detection
for Windows NT).
Issues for the Future. The committee reviewed a draft of
R2's "Information System Security Research Program Plan," which was revised
multiple times in 1996-1997.97 This plan calls
for greater interaction with the entire infosec community and a more open
but focused R2 research program, which would be based on input from an infosec
research council (sponsored by NSA and including participants from the relevant
agencies and the military services), a national infosec technical baseline
(established by NSA, DOE, and DOE's national laboratories), and an infosec
science and technology study group (composed of leading experts who would
provide an infosec perspective from the private sector). By design, the draft
plan would support technology R&D "consistent with the fundamental security
principles and concepts articulated in the DOD Goal Security Architecture"
(Burnham, 1997). To ensure a supply of knowledgeable experts in the future,
the draft plan calls for the establishment of academic centers for infosec
studies and research. The plan also emphasizes technology transfer to the
infosec side of NSA, to the military services, and to industry.
The committee believes that R2 faces two related challenges. One challenge
is its research portfolio. Because NSA both funds external infosec research
and performs internal infosec research, questions arise as to the appropriate
allocation of effort (internal and external) and its coordination. Decisions
about internal effort, like decisions about external effort, should recognize
where the parties have comparative advantage. Highly classified cryptographic
research is a natural choice for internal research; NSA has widely recognized
strength in that area and has better access to mathematical talent in terms
of both caliber and number or researchers. Other areas of trustworthiness,
less constrained by classification requirements, seem more appropriate for
R2 to pursue externally.
The second critical issue is the recruitment, retention, and continuing education
of high-quality talent to pursue noncryptographic trustworthiness research
areas. In these areas, especially those that depend on computer science,
highly skilled researchers available in many academic and commercial
organizations can make significant contributions to infosec technology. R2
will have to compete for that talent with other agencies that have established
relationships with top researchers. Furthermore, top-tier talent with security
expertise is scarce, and nongovernment employers would appear to offer more
rewards, from recognition to pay (Lardner, 1998). Skills developed in an
infosec research group, especially those relating to network security,
cryptography, and COTS software, are easily marketable in the commercial
sector -- a fact that constrains both hiring and retention in R2. Finally,
there is the perception that the "cloak and dagger image" that once attracted
some people to NSA is no longer as strong, because of a smaller defense budget
and rapidly growing private-sector alternatives (Lardner, 1998).
As previously indicated, senior management at NSA and NSA advisory groups
have stated that it is difficult to obtain and retain highly qualified technical
research staff with computer-related expertise for the R2
organization.98 Within R2, staff is spread
thinly, and loss of an individual can have a significant impact on organizational
coverage. Further, the ability of a technologist to do research is reportedly
limited by administrative and other obligations. The adoption of a rotation
program, comparable to those at the NSF and DARPA for program managers, could
be considered as a complement to hiring regular staff members. To be effective,
such a program would have to be carefully designed to attract the desired
researchers to the NSA.
R2 may be at a disadvantage within NSA inasmuch as its work is removed from
fielded results that constitute NSA successes and its work is not as directly
linked to NSA's mission as that of other units. These circumstances can constrain
internal communication, and anecdotal evidence suggests that R2 may not always
benefit from knowledge of relevant work done by sister units. By contrast,
program managers pursuing trustworthiness topics at DARPA and NSF have more
visibility, and they and the researchers they fund are free to publish their
results.
Although R2 funds and performs unclassified work, it shares the NSA environment
and mind-set of tightly controlled information. This environment presents
a real conflict with the need for access to open research information. It
can encourage a closed community of workers who do not communicate with others
in the community either to seek or contribute information. Although R2 has
increased its outreach, the conferences in which it seems most active as
an organization, the NSA-NIST-sponsored National Information System Security
Conference and its own Tech Fest, tend to attract a small community of
researchers with long-standing connections to NSA. These audiences have only
limited interaction with the larger community of computer science researchers
with whom other HCS agency program managers have regular contact.
Findings
1. Some government customers have particularly high needs for security, and
there are a handful of systems (e.g., "The President's Laptop") that face
levels of threat and require the strength of a mechanism that is not available
in commercial products and that would have insufficient demand to support
a product in the marketplace. The NSA is particularly well situated to develop
such mechanisms. Classified cryptographic research is also a natural fit
for the NSA internal research program.
2. The R2 university research program emphasizes relatively short term and
small projects. Such projects do not tend to attract the interest of the
best industrial and academic researchers and institutions.
3. Rotation of R2 researchers with researchers in industry and academia could
help to broaden and invigorate the R2 program. Such rotation would be most
effective with institutions that have large numbers of leading researchers.
4. Inadequate incentives currently exist in R2 to attract and retain highly
skilled researchers. Improved incentives might be financial (e.g., different
salary scale) and/or nonfinancial (e.g., special recognition, greater public
visibility). R2 faces formidable challenges in the recruitment and retention
of the very best researchers.
5. R2 has initiated several outreach efforts, but these efforts have not
significantly broadened the community of researchers who work with R2. Effective
outreach efforts are those that are designed to be compatible with the interests,
perspectives, and real needs of potential partners.
BOX 6.6
The NSA Mission: From Communications Security to Information Security
The 1995 NSA Corporate Plan for Information Systems Security laid out a broad
mission: "[NSA's] INFOSEC [information security] mission is to provide
leadership, products, and services necessary to enable customers to protect
national security and sensitive information in information systems pursuant
to federal law and national policies, and to provide technical support to
the government's efforts to incorporate information systems security into
the national information infrastructure. Our customers include national security
community members handling classified and sensitive information, as well
as those civil government agencies and, when requested, private sector
organizations providing vital national services. We serve our customers by
assessing their needs, delivering solutions, and creating advanced INFOSEC
technologies. We also promote security for the national information
infrastructure through our policy and standards work, our efforts in public
advocacy and education, and our role in shaping commercially available security
technology" (p. ii). More recently, the 1996 National Cryptologic Strategy
for the 21st Century110 explicitly related
military and commercial vulnerability to interconnectivity, interoperability,
and increased reliance on commercial off-the-shelf products and services.
|
BOX 6.7
R2's Research Activities
-
Secure communications technology -- dealing primarily with optical, wireless,
digital speech encoding and compatible digital encryption technology in very
high speed communications networks.
-
Assurance technology -- including formal methods, risk management, and fault
tolerance.
-
Secure management infrastructure -- significant effort in key and certificate
management, protocols including IPsec and ISAKMP, standardization efforts,
and multicast key management.
-
Identification and authentication -- with significant emphasis on biometrics.
-
Policy invocation and enforcement -- including architectures, system composition,
and distributed computing.
-
Damage detection and response -- covering defensive information warfare,
damage indicators, and recovery responses.
-
Information domain definition -- including boundary defenses and mapping
network boundaries.
-
Cryptography -- primarily classified research by its own staff (only part
of NSA's cryptography research effort).
Source: Based on program management information supplied to the committee
in 1997.
|
***
The NSA R2 organization must increase its efforts devoted to outreach
and recruitment and retention issues.
R2 has initiated several outreach efforts, but these have not significantly
broadened the community of researchers that work with R2. Effective outreach
efforts are those that are designed to be compatible with the interests,
perspectives, and realities of potential partners (e.g., acknowledgment of
the dominance of COTS technology).
Inadequate incentives currently exist within R2 to attract and retain highly
skilled researchers. Improved incentives might be financial (e.g., different
salary scale) and/or nonfinancial (e.g., special recognition, greater public
visibility) in nature. R2 faces formidable challenges in the recruitment
and retention of the very best researchers. The rotation of R2 researchers
with researchers in industry and academia would help to broaden and invigorate
the R2 program. Such rotation would be most effective if it involved institutions
that have large numbers of top researchers. As currently constituted, the
R2 university research program emphasizes relatively short-term and small
projects, and it does not attract the interest of the best industrial and
academic researchers and institutions.
***
Research in Information System Security and Survivability Funded
by the NSA and DARPA
In a recent study, Anderson et al. (1998) identified
a total of 104 individual research projects that were funded by DARPA's
Information Survivability program, a unit of the Information Technology Office
(ITO), in FY 1998. In addition, 45 information security projects were identified
from the NSA and were included in the Anderson et al. (1998) study. These
projects were categorized as depicted below (some projects were counted in
two categories).
Heterogeneity
Preferential Replication/Lifespan, Architectural/Software Diversity, Path
Diversity, Randomized Compilation, Secure Heterogeneous Environments
NSA R2 = 0 projects; DARPA ITO = 2 projects
Static Resource Allocation
Hardware Technology
NSA R2 = 1 project; DARPA ITO = 0 projects
Dynamic Resource Allocation
Detect & Respond to Attacks/Malfunctions, Dynamic Quality of Services,
Active Packet/Node Networks, Dynamic Security Management
NSA R2 = 3 projects; DARPA ITO = 12 projects
Redundancy
Replication
NSA R2 = 0 projects; DARPA ITO = 3 projects
Resilience & Robustness
Cryptography/Authentication, Modeling and Testing, Fault/Failure-Tolerant
Components, Advanced Languages & Systems, Wrappers, Firewalls, Secure
Protocols, Advanced/Secure Hardware
NSA R2 = 28 projects; DARPA ITO = 54 projects
Rapid Recovery & Reconstitution
Detect and Recover Activities
NSA R2 = 0 projects; DARPA ITO = 2 projects
Deception
Decoy Infection Routines
NSA R2 = 0 projects; DARPA ITO = 0 projects
Segmentation / Decentralization / Quarantine
Secure Distributed/Mobile Computing, Enclave/Shell Protection, Intruder Detection
and Isolation, Specialized "Organs," Autonomous Self Contained Units, Damage
Containment
NSA R2 = 2 projects; DARPA ITO = 11 projects
Immunologic Identification
Autonomous Agents, "Lymphocyte" Agents, Detection of Anomalous Events, Mobile
Code Verification, Self/Nonself Discrimination, Information Dissemination
NSA R2 = 1 project; DARPA ITO = 12 projects
Self-Organization & Collective Behavior
Adaptive Mechanisms, Formal Structure Modeling, Emergent Properties &
Behaviors, Node/Software Optimization, Market-Based Architecture, Scaleable
Networks (VLSI)
NSA R2 = O projects; DARPA ITO = 10 projects
Other/ Miscellaneous
Multiple Approaches to Network Security/Survivability, Technology Forecasting
NSA R2 = 10 projects; DARPA 110 = 3 projects
REFERENCE
Anderson, Robert H., Phillip M. Feldman, Scott Gerwehr, Brian Houghton, Richard
Mesic, John D. Pinder, and Jeff Rothenberg. 1998. A "Minimum Essential
Information Infrastructure" for U.S. Defense Systems: Meaningful? Feasible?
Useful? Santa Monica, CA: RAND National Defense Research Institute
(forthcoming) .
87 The HCS program was announced as one of six focus areas
in the 1995 Strategic Implementation Plan of the Committee on Information
and Communications (CIC) R&D, which coordinates computing and communications
R&D across the federal government. CIC planning includes R&D activity
in the areas of components, communications, computing systems, support software
and tools, intelligent systems, information management, and applications.
88 The JTO was announced in the 1995 "ARPA/DISA/NSA Memorandum
of Agreement Concerning the Information Systems Security Research Joint
Technology Office." Complementing DARPA's ongoing research program relating
to system security as well as NSA's research efforts, the Joint Technology
Office (JTO) is intended to further coordination of research and technology
development relevant to meeting DOD's needs for trustworthy systems. It also
aims to make the goals and decision-making processes for such R&D more
open and responsive to public needs and concerns. Organized as a "virtual"
entity that draws on personnel and resources otherwise housed at the
participating agencies, the JTO is expected to harmonize the individual agency
programs much as the High Performance Computing and Communications Initiative
has harmonized those of its component agencies, while leaving research management
(e.g., broad area announcements in the case of DARPA) and ultimate source
selection decision making to those agencies.
89 See "Memorandum of Agreement Between the Advanced Research
Projects Agency, the Defense Information Systems Agency, and the National
Security Agency Concerning the Information Systems Security Research Joint
Technology Office''; MOA effective April 2, 1995. The full text of the MOA
is available online at
http://www.ito.darpa.mil/ResearchAreas/Information_Survivability/MOA.html.
90 Under the National Security Act of 1947, a restructured
intelligence community was created. Subsequent executive orders have revised
or reordered the intelligence community (and continue to do so). The National
Security Agency (which replaced the Armed Forces Security Agency) was created
by presidential directive by President Truman in 1952. A number of documents
that describe NSA's mission are classified, but a basic mission statement
is now available on an NSA Web site,
http://www.nsa gov:8080.
91 Such evidence includes the experiences of committee
members.
92 Fortezza was originally designed for use with only
unclassified data. Other products, never deployed, were to provide analogous
cryptographic protection for classified data. However, over time MISSI's
focus changed (see Chapter 4, Box 4.4, for additional details).
93 Committee discussion with R2 managers, October 21,
1996. 94 This distrust and suspicion of NSA is enhanced by NSA's history
of control-oriented interactions with industry. The technology marketplace
is a worldwide marketplace. For many companies at least half of their income
is derived from outside of the United States. Advanced technology, especially
cryptography, is subject to export controls, and NSA has played a significant
role in advising the U.S. government on which technologies can be exported
as commodities. The recent declassification of SKIPJACK and KEA is a step
in the right direction; the declassification was done explicitly to allow
industry to implement Fortezza-compatible software, thus enabling very low
cost cryptographic "soft tokens."
95 For example, military users may be willing to tolerate
a higher degree of inconvenience to obtain the benefits of security.
96 As reflected in unclassified briefings and materials
on funding and staffing levels provided to the committee.
97 Authored by Blaine Burnham, NSA. This document was
provided to the committee by R2 when the committee asked for insight into
R2's thinking about future directions. The committee examined this document
not as a formal plan for NSA, but as a white paper -- as a source of
possibilities for the future.
98 They note that R2 has not recruited from the academic
researchers it supports.
110 John Davis, NCSC director, described this program
to the committee during its October 21 visit to NSA, using July 1996 briefing
charts. [See also
http://www.nsa.gov:8080/programs/ncs21/
]