23 March 2013

NSA INFOSEC Excitement

http://cryptome.org/2013/03/cryptologs/cryptolog_115.pdf

NSA Cryptolog, 2nd Issue, 1989, pp. 11-12.

THE EXCITEMENT OF INFOSEC

(FOUO)

Some time ago, while I was having lunch with the Director of Security of one of our NATO allies and we were discussing the rash of books on intelligence agencies such as the CIA and Britain's MI-5 and MI-6 that were flooding bookstores, he asked, "Why aren't there more best selling books on INFOSEC?" I replied, "It's because the best days we have in INFOSEC are when nothing exciting happens in the outside world. When we are successful, which we are most ofthe time, the result is a non-event."

During the Walker spy trial, Earl Clark, an NSA INFOSEC expert, said, "Give me access to your codes, give me access to your ciphers, and you won't have any secrets." INFOSEC has all the secrets of US national security as well as the secrets of NATO and those of our allies around the world to protect. The responsibilities are awesome. On a good day for INFOSEC, the externals are placid, but make no mistake, the internals are boiling. That's the excitement of INFOSEC.

The internal story is unknown, and it must necessarily remain so to the outside world. It is possible, however, to give some appreciation of the scope of the INFOSEC task with respect to the various elements, each fascinating in its own right, which collectively must be integrated into the total security pattern which constitutes INFOSEC.

Consider the challenge to the cryptomathematician: Design a cryptoalgorithm to encrypt our most sensitive secrets, and having encrypted them, we will give the resulting text to our most mathematically and technically sophisticated opponents and let them subject it to their most high-tech attacks. It must protect the information for decades against such continuous attack. That's not all. It must do this under the assumption that the opponent has the algorithm but not the key.

To cryptoequipment engineers we say, "Embody the algorithm in an equipment that is fail-safe," and to the evaluator we say, "Analyze the algorithm and the cryptoequipment that contains it and give it a seal of approva1." Impossible as it seems, it is a task that must be coped with successfully if we are to have the ability to securely command and control our forces and to protect our strategic interests.

There are many situations, particularly in tactical operations, where valuable information can be derived, not by breaking the encrypted transmissions but by analyzing the stereotypic formats, the quantitative message data, and other externals. The task of protecting against such exploitation is the domain of transmission security. This is an entirely different type of challenge, the searching for seeming minutiae that could actually be a bonanza to hostile intelligence services.

One aspect of this, or for some an INFOSEC category of its own, is providing secure sequences for ECCM transmissions that are secure against enemy analytical reconstruction.

[Paragraph redacted]

Hostile intelligence operations can concentrate on the attack mechanisms of their choosing. The job of INFOSEC is to protect against practical attacks. A technically pervasive phenomenon, a known physical fact oflife, is that electronic and electro-mechanical equipment when processing information necessarily create emanations which can be detected unot protected against. TEMPEST is the field of INFOSEC devoted to the protection against unwanted, unintentional, comprorIDsing emanations. The technical challenge to determine how best to detect such emanations, to identify those that may be compromising, and then to devise corrective measures is complex. However, the real challenge is how to determine the cost-effective compromise. At what point have we made such an attack unprofitable? INFOSEC is always involved in optimization trade-offs, but it is a two-party game of exceedingly high stakes.

TEAPOT is a recently coined terms for another aspect of the compromising emanations problem. The difference between it and TEMPEST is that the emanations are hostily induced by "bugs" planted in the equipment. In the TEAPOT category is the widely publicized GUNMAN operation of the recent past, a rare case of our sharing the excitement with the outside world. In the GUNMAN operation we removed tons of equipment from our Moscow embassy and replaced it with clean equipment in one rapid move before the Soviets could react.

Physical security in INFOSEC includes the protection of the cryptomaterials: the codes, ciphers, cryptologics, keys, cryptoequipment. When you consider the high value the Soviets place on the acquisition of our cryptomaterial, coupled with the vast amount of codes, ciphers and keys in hard copy form around the world, you can appreciate the enormous size of the this task. If protection breaks down, security breaks down. That is why INFOSEC is a top priority target ofthe Soviet espionage apparatus.

Personnel security goes hand in glove with physical security since it is this route by which physical security is often attacked. There are no stricter security constraints and checks on any personnel in the U.S. Government than on those working at the heart of INFOSEC.

The rapid expansion of computers and the field of information processing has enormously compltcated the qualitative and quantitative problem of protecting classified and sensitive information, and at an exponentially increasing rate. The previously discussed aspects of INFOSEC, as complex and challenging as they may be, have trend lines and data bases helpful in planning. If Communications Security, (COMSEC), is in a state of combustion, COMPUSEC is in a state of explosion. Harnessing an explosion can be almost too exciting. Again, it is a game, a deadly two party game with extraordinarily high stakes. It is vital to know the enemy capabilities if we are to be successful in countering them effectively. That is the field of threat analysis; Doctrine provides the procedural and regulatory sinew binding the INFOSEC capabilities into a coherent body. The production of literally mountains of codes, ciphers, keys, and other crypto-material with the utmost of security and accuracy is fundamentally important to an effective INFOSEC program. Each of these areas of INFOSEC is a story in itself.

INFOSEC is not, of course, an end in itself. It is only useful when applied in communications and electronics systems. This opens another whole dimension to the scope of INFOSEC. It is absolutely essential for both systems security and for the effectiveness and efficiency of the systems into which it is integrated that the INFOSEC professionals not only fully understand the technology of those systems, but also the operations those systems are supporting. Thus, INFOSEC professionals are spread throughout the world in a wide variety of roles. Take one example: Imagine the situation where a satellite launch is on hold for some unidentified technical problem and your equipment is the only Government Furnished Equipment in the whole system. Now that's real excitement.

And now the final INFOSEC role, systems security evaluation. In accomplishing this task, all the above discussed areas and their complex interactions must considered. Coupled with this must be the consideration technology, the varied environments and the wide range of applications, and the ever-present hostile threat. This must be integrated, assessed, and a determination made to give the seal of approval to a system, "OK to pass our nation's most vital secrets in this system." The pressures on INFOSEC are great, the task seemingly impossible, and the external recognition and rewards necessarily almost nil. But balancing all that out is the EXCITEMENT OF INFOSEC.