23 March 2013
NSA INFOSEC Excitement
NSA Cryptolog, 2nd Issue, 1989, pp. 11-12.
THE EXCITEMENT OF INFOSEC
Some time ago, while I was having lunch with the Director of Security of
one of our NATO allies and we were discussing the rash of books on intelligence
agencies such as the CIA and Britain's MI-5 and MI-6 that were flooding
bookstores, he asked, "Why aren't there more best selling books on INFOSEC?"
I replied, "It's because the best days we have in INFOSEC are when nothing
exciting happens in the outside world. When we are successful, which we are
most ofthe time, the result is a non-event."
During the Walker spy trial, Earl Clark, an NSA INFOSEC expert, said, "Give
me access to your codes, give me access to your ciphers, and you won't have
any secrets." INFOSEC has all the secrets of US national security as well
as the secrets of NATO and those of our allies around the world to protect.
The responsibilities are awesome. On a good day for INFOSEC, the externals
are placid, but make no mistake, the internals are boiling. That's the excitement
The internal story is unknown, and it must necessarily remain so to the outside
world. It is possible, however, to give some appreciation of the scope of
the INFOSEC task with respect to the various elements, each fascinating in
its own right, which collectively must be integrated into the total security
pattern which constitutes INFOSEC.
Consider the challenge to the cryptomathematician: Design a cryptoalgorithm
to encrypt our most sensitive secrets, and having encrypted them, we will
give the resulting text to our most mathematically and technically sophisticated
opponents and let them subject it to their most high-tech attacks. It must
protect the information for decades against such continuous attack. That's
not all. It must do this under the assumption that the opponent has the algorithm
but not the key.
To cryptoequipment engineers we say, "Embody the algorithm in an equipment
that is fail-safe," and to the evaluator we say, "Analyze the algorithm and
the cryptoequipment that contains it and give it a seal of approva1." Impossible
as it seems, it is a task that must be coped with successfully if we are
to have the ability to securely command and control our forces and to protect
our strategic interests.
There are many situations, particularly in tactical operations, where valuable
information can be derived, not by breaking the encrypted transmissions but
by analyzing the stereotypic formats, the quantitative message data, and
other externals. The task of protecting against such exploitation is the
domain of transmission security. This is an entirely different type of challenge,
the searching for seeming minutiae that could actually be a bonanza to hostile
One aspect of this, or for some an INFOSEC category of its own, is providing
secure sequences for ECCM transmissions that are secure against enemy analytical
Hostile intelligence operations can concentrate on the attack mechanisms
of their choosing. The job of INFOSEC is to protect against practical attacks.
A technically pervasive phenomenon, a known physical fact oflife, is that
electronic and electro-mechanical equipment when processing information
necessarily create emanations which can be detected unot protected against.
TEMPEST is the field of INFOSEC devoted to the protection against unwanted,
unintentional, comprorIDsing emanations. The technical challenge to determine
how best to detect such emanations, to identify those that may be compromising,
and then to devise corrective measures is complex. However, the real challenge
is how to determine the cost-effective compromise. At what point have we
made such an attack unprofitable? INFOSEC is always involved in optimization
trade-offs, but it is a two-party game of exceedingly high stakes.
TEAPOT is a recently coined terms for another aspect of the compromising
emanations problem. The difference between it and TEMPEST is that the emanations
are hostily induced by "bugs" planted in the equipment. In the TEAPOT category
is the widely publicized GUNMAN operation of the recent past, a rare case
of our sharing the excitement with the outside world. In the GUNMAN operation
we removed tons of equipment from our Moscow embassy and replaced it with
clean equipment in one rapid move before the Soviets could react.
Physical security in INFOSEC includes the protection of the cryptomaterials:
the codes, ciphers, cryptologics, keys, cryptoequipment. When you consider
the high value the Soviets place on the acquisition of our cryptomaterial,
coupled with the vast amount of codes, ciphers and keys in hard copy form
around the world, you can appreciate the enormous size of the this task.
If protection breaks down, security breaks down. That is why INFOSEC is a
top priority target ofthe Soviet espionage apparatus.
Personnel security goes hand in glove with physical security since it is
this route by which physical security is often attacked. There are no stricter
security constraints and checks on any personnel in the U.S. Government than
on those working at the heart of INFOSEC.
The rapid expansion of computers and the field of information processing
has enormously compltcated the qualitative and quantitative problem of protecting
classified and sensitive information, and at an exponentially increasing
rate. The previously discussed aspects of INFOSEC, as complex and challenging
as they may be, have trend lines and data bases helpful in planning. If
Communications Security, (COMSEC), is in a state of combustion, COMPUSEC
is in a state of explosion. Harnessing an explosion can be almost too exciting.
Again, it is a game, a deadly two party game with extraordinarily high stakes.
It is vital to know the enemy capabilities if we are to be successful in
countering them effectively. That is the field of threat analysis; Doctrine
provides the procedural and regulatory sinew binding the INFOSEC capabilities
into a coherent body. The production of literally mountains of codes, ciphers,
keys, and other crypto-material with the utmost of security and accuracy
is fundamentally important to an effective INFOSEC program. Each of these
areas of INFOSEC is a story in itself.
INFOSEC is not, of course, an end in itself. It is only useful when applied
in communications and electronics systems. This opens another whole dimension
to the scope of INFOSEC. It is absolutely essential for both systems security
and for the effectiveness and efficiency of the systems into which it is
integrated that the INFOSEC professionals not only fully understand the
technology of those systems, but also the operations those systems are
supporting. Thus, INFOSEC professionals are spread throughout the world in
a wide variety of roles. Take one example: Imagine the situation where a
satellite launch is on hold for some unidentified technical problem and your
equipment is the only Government Furnished Equipment in the whole system.
Now that's real excitement.
And now the final INFOSEC role, systems security evaluation. In accomplishing
this task, all the above discussed areas and their complex interactions must
considered. Coupled with this must be the consideration technology, the varied
environments and the wide range of applications, and the ever-present hostile
threat. This must be integrated, assessed, and a determination made to give
the seal of approval to a system, "OK to pass our nation's most vital secrets
in this system." The pressures on INFOSEC are great, the task seemingly
impossible, and the external recognition and rewards necessarily almost nil.
But balancing all that out is the EXCITEMENT OF INFOSEC.