30 December 1998
Source: http://www.ccic.gov/pubs/blue99/hecc.html
MARQUISE
In FY 1999, NSA will flight test SOLITAIRE, the embedded high performance
computer prototype developed under the MARQUISE program, on an Air Force
aircraft. The agency will continue research on miniaturized, spray cooled,
and embedded diamond power supplies. In FY 1999, NSA expects to demonstrate
a 48-Volt to 2.8-Volt @ 200 Amps high-efficiency power converter with a power
density of 2 Kwatts/inch3.
NSA continues to conduct research in embedded scalable nodes (the follow-on
architecture to MARQUISE) for mission scenarios, and has selected three potential
repackaging implementations that could make a 100 percent software-compatible,
miniaturized high performance computer available six months after the
introduction of the commercial computer.
The SOLITAIRE board contains a complete SGI/CRAY J90
System Element, which includes four vector processors, network crossbar,
I/O, and 1/2 Gbyte of dynamic random access memory (DRAM). There are nine
diamond based die cast multichip modules (MCMs) mounted on one side of the
board and eight die cast MCMs mounted on the reverse side. SOLITAIRE represents
a new achievement in double sided board column grid attachment, featuring
over 25,000 connections between the modules and the board. This repackaging
implementation of the System Element is 80 percent smaller and 75 percent
lighter than the commercial product, and concentrates 500 Watts onto a 10
inch square board.
Microelectronics in
high speed computing
Related NSA research areas include synthetic diamond packaging technology,
all-optical switching, and optoelectronic integrated circuit packaging
technology. Other activities include:
Pictured to the left is a 128x128 superconductive
crossbar switch. The switch matrix is mounted on the 4"-diameter MCM and
maintained at 4 degrees Kelvin temperature. It is connected to its
room-temperature environment by an eight multichannel electrical cable.
A spray cooled dc/dc converter can supply an impressive 200
W/in3. This magnitude of miniaturization allows tight integration
of the power converter and electronics in a shared environment. Point of
load conversion eliminates heavy bus bars and rigid cables by distributing
power at high voltage and low current. Spray cooling results in relaxed device
specifications and improved reliability due to reduced operating junction
temperatures and thermal gradient. A 28 vdc/4 vdc spray cooled converter
is pictured to the left.
UPC
NSA's Center for Computing Sciences (CCS), in partnership with the University
of California at Berkeley and Lawrence Livermore National Laboratory, is
developing UPC, a language that combines features of the CCS-developed AC
with features of Split-C and PCP, two other parallel C languages. UPC represents
an attempt to develop a base language that could become a standard for
explicitly-parallel C. UPC extends AC in three ways:
Quantum Computing
In FY 1998 and 1999, NSA will continue fundamental exploratory studies in quantum computation theory and experimentation, including algorithms and complexity theory, quantum error correction techniques, quantum decoherence processes, and small scale laboratory implementations.
HTMT
NSA's Hybrid Technology Multithreaded (HTMT) architecture effort is a
collaborative project among a dozen research groups (Caltech/JPL, University
of Delaware, SUNY Stony Brook, University of Notre Dame, Princeton University
plus an association of other government and industry labs). The objective
is to define a very high performance computer system that can reach a petaflop
level of performance in significantly less time than a conventional approach.
HTMT will be based on a unique multithreaded execution model and will use
a combination of leading-edge technologies, including superconducting technology,
high-speed VLSI semiconductor technology, optical interconnect, and storage
technology. The system is expected to be used in several critical high
performance applications of national strategic importance over the next decade.
An initial study of the original HTMT concept was funded by NSF and NASA
in 1996-1997. A comprehensive design study of HTMT is now sponsored by DARPA,
NSA and NASA, and is managed through Caltech and JPL. The research being
performed at University of Delaware is focused on the program execution and
architecture model of HTMT.
High speed circuits
NSA is conducting research to determine whether electronics can handle the 100 Gb/s serial data rates of fiber optic links. Uses include Tb/sec data transfer.
RES, JACKAL, and LOTS
RES, a system developed in 1991-1992 with NSA HPCC funds, was designed to
harness "idle" workstations. It is seeing increasingly widespread use and
is the subject of continuing enhancement.
JACKAL is a cliche-based software reverse-engineering research system (where
a "cliche" is an "interesting" piece of code). Input to JACKAL is a high-level
abstract language translation of source code (when available) or decompiled
code. JACKAL uses tree-matching and string-matching algorithms to identify
cliches.
Archival store for I/O is a major element in all computing systems. NSA is
developing LOTS, an optical tape system with ten times the storage per tape
and at least ten times the input data rate compared with conventional large
stores.
Source: http://www.ccic.gov/pubs/blue99/hcs.html
Information security
NSA's Information Security (INFOSEC) Research Program continues to deliver
a broad range of security technology solutions. Fundamental mathematical
work in cryptography, including elliptic curve technology, has produced more
secure and efficient algorithms for privacy protection and authentication,
while analytic work in electronic cash technology has provided valuable guidance
to the financial and legal communities. NSA has provided demonstrations and
standards developments to ease the integration of security services into
commercial products and services. Engineering breakthroughs in high speed/low
power electronics and in optical encryption technology will provide the
foundation for emerging high performance communication systems. Improved
biometric authentication techniques are finding widespread acceptance for
improving government and commercial access control systems. Security enhancements
for next generation operating systems and for object technology have been
developed and transferred to the R&D community. New visualization and
risk assessment tools have been developed and applied to assessing system
security. Finally, NSA has established cooperation across the INFOSEC research
community to address network security.
NSA has developed a technology forecast and set of challenge problems that
focus on the development of a high assurance computing platform, technology
for secure internetworking, and technologies needed for a high assurance
security management infrastructure. The technology needs and gaps of these
challenge problems will direct the bulk of NSA's INFOSEC research resources.
Problem areas that need to be addressed include the development of system
security engineering methods to specify and design security characteristics
into a system; the management of network security and the development of
an infrastructure to support that management; tools and techniques to detect
and respond to local and national level attacks on critical information systems
and infrastructure components; the development of strong mechanisms to allow
the controlled sharing of information among disparate communities; and improved
assurance technology for increasing the level of trust in the secure operation
of system hardware, software, and procedures. Following are some highlights:
National Information
Assurance Partnership
program and Role-Based
Access Control
Under the NIAP program, NIST has partnered with NSA to establish a center
to foster the development of formal laboratories to test and certify security
products against published formal specifications. This program will help
ensure that both vendors and users can cite third-party assurance of the
functionality and quality of security products and systems.
In the complex information technology environment, the careful and correct
specification of rules to control access to online documents, capabilities,
or systems has become critical -- and increasingly difficult. While traditional
access control methods focus on individual users, files, or other system
objects, management of access in the real world is more often based on the
role that a user assumes. NIST has pioneered the new RBAC model that better
meets the needs of user organizations and is implementing it in environments,
including a Web-based application.
Source: http://www.ccic.gov/pubs/ip98.pdf
NSA will flight test MARQUISE (the embedded High Performance Computer) on Air Force and Navy aircraft. The agency will continue research on a miniaturized spray cooled embedded diamond power supply and on embedded scalable nodes (follow-on architecture to MARQUISE) for mission scenarios. NSA will continue joint NSA/University of Maryland research on microelectronics applied to high speed computing, including very high speed (many Gb/s) optoelectronic devices and systems using 1.5 micron WDM interconnect technology. The program supports research on new electronic (Si) structures for future very high speed, high density very large scale integration (VLSI) with feature sizes well below 0.1 micron and supports research in silicon surface science.
Research also includes synthetic diamond packaging technology, all-optical switching, and optoelectronic integrated circuit (IC) packaging technology. Expected FY 1998 accomplishments include point-of-use power conversion (for power reduction), area array I/O design studies for low power implementations of high performance multichip module (MCM), and studying and prototyping very high level programmable accelerator plug-ins for standard architectures. FY 1998 efforts will continue research in quantum computing in association with NIST, DOE laboratories, and other research agencies.
NSA will continue its very high speed networking R&D by applying the latest technologies to inter-agency testbeds that can be migrated to deployment. Enabling technologies such as materials and photonics research are being studied for new capabilities to speed processing power and enhance sensitivity. In FY 1998, NSA expects to have in place all the parts necessary for a truly Gb/s Internet, capable of supporting multiple individual data streams, each at 2.4 Gb/s, over ATM and IP. Installation of all-optical networks will begin. The Washington, DC, area ATDnet will act as a public network capable of interconnection with an all-optical (crossbar) network, acting as a DoD private network, as well as use individual wavelengths for support of "legacy" ATM networks.
NSA will demonstrate solutions to high assurance configurable security architectures. NSA will continue constructing prototypes to enable the efficient replacement of security policies and security mechanisms with minimal impact on system service or assurance. Research solutions will be integrated into future commercial technology via collaboration with various research labs. This effort will include: integration of security research results into advanced operating system technologies; creation of system framework for flexible authentication services; and securing computing related to distributed and mobile computing. NSA will continue development of functional devices including core cryptographic processors, numeric processors, high speed memories, and test and characterization devices. It will also explore related silicon technologies that employ high speed, low power characteristics.
National Security Agency
The National Security Agency (NSA) has traditionally influenced and been a very early and sophisticated user of the highest performance commercial computer, storage, and networking systems. For these reasons, NSA actively participated in the original HPCC studies which led to the Federal HPCC program. Through the entire period of growth of high performance computing and networking, spanning several decades, NSA has stimulated both industry and academia with some of the most challenging problems in the nation. A number of major U.S. computer companies are now using hardware and software technology in their products which originated at NSA. This role must continue, both to assure the availability of increasingly higher performance systems to meet the nation's national security interests and to ensure that benefits of NSA's activities accrue to the overall advantage of the industry and the satisfaction of other HPCC Grand Challenges.
NSA will continue to pursue high performance computing and very high speed networks in order to perform its mission. Many of these programs will also contribute directly to the overall goals of HPCC. NSA sponsors divisions of the Institute for Defense Analyses (an FFRDC) to do most of this research.
Results of programs and external drivers have led to revised priorities and funding levels for the supercomputing, superconducting, and very high speed research programs.
Source: "Trust in Cyberspace" http://jya.com/tic.htm
Since information about the NSA R2 research program is less-widely available than for relevant programs at DARPA and other federal agencies, the entire committee visited NSA for a more in-depth examination of R2's research program; subsequent meetings involving NSA R2 personnel and a subset of the committee provided still further input to the study.
***
NSA funds information security research through R2 and other of its organizational units. The present study deals exclusively with R2. In contrast to DARPA, NSA R2 consumes a large portion of its budget internally, including significant expenditures on nonresearch activities. NSA's two missions- protecting U.S. sensitive information and acquiring foreign intelligence information-can confound its interactions with others in the promotion of trustworthiness. Its defensive mission makes knowing how to protect systems paramount; its offensive need to exploit system vulnerabilities can inhibit its sharing of knowledge. This tension is not new. What is relevant for future effort is the lingering distrust for the agency in the academic research community and some quarters of industry, which has had a negative impact on R2' s efforts at outreach. The rise of NISs creates new needs for expertise in computer systems that NSA is challenged to develop internally and procure externally. R2's difficulty in recruiting and retaining highly qualified technical research staff is a reason for "outsourcing" research, when highly skilled research staff are available elsewhere. R2's effectiveness depends on better leveraging of talent both outside and inside the organization.
***
Within the federal government, external research relating to information systems trustworthiness is coordinated by the interagency Computing, Information, and Communications (CIC) R&D Subcommittee. About 12 federal departments and agencies participate in coordinating program planning, budgeting, and review. The CIC R&D Subcommittee is divided into five components and trustworthiness activity is largely associated with the High Confidence Systems (HCS) component.87 n terms of research support, NSA and DARPA dominate the CIC agencies involved with HCS, with FY 1997 spending listed as $7.3 million and $10 million, respectively, out of a $30 million component total. Other components include High End Computing and Computation, Large Scale Networking, Human Centered Systems, and Education, Training, and Human Resources -- each of which can contribute to or be affected by trustworthiness.
***
The federal government has sought to promote coordination among entities on trustworthiness R&D, and it has linked defense and civilian and mission and research agencies through the HCS working group. There is also an evolving information security (infosec) research council that includes DARPA, DISA, NSA, NIST, DOE, the CIA, and the military services. The PCCIP has recommended additional interagency coordination structures, building on the teams it assembled while conducting its work.88
The focused coordination effort comes from the DARPA-NSA-DISA Joint Technology Office (JTO). Specifically, the role of the Information Systems Security Research-Joint Technology Office (ISSR-JTO) is "to optimize use of the limited research funds available, and strengthen the responsiveness of the programs to DISA, expediting delivery of technologies that meet DISA's requirements to safeguard the confidentiality, integrity, authenticity, and availability of data in Department of Defense information systems, provide a robust first line of defense for defensive information warfare, and permit electronic commerce between the Department of Defense and its contractors."89
National Security Agency
The National Security Agency is responsible for (1) providing intelligence through the interception, collection, decryption, translation, and processing of foreign communications signals and (2) developing cryptographic and other information security techniques to protect classified and unclassified (but sensitive) U.S. communications and computer systems associated with national security.90 In support of its information security mission, the NSA has historically developed very high quality cryptographic equipment and keying material for the Department of Defense and other customers in the U.S. government (e.g., the State Department). For years, the primary focus of the NSA was on protecting the confidentiality of communications. As the boundary between communications and computing has blurred, the NSA has focused its protection on information security rather than more narrowly on communications security (see Box 6.6).
The growing dependence on COTS technology in the DOD necessitates a strong NSA interest in COTS trustworthiness and the integration of cryptography into COTS products. NSA's special customer market is small enough and the potential for NSA control is sufficient to discourage many producers of COTS products from meeting NSA's special needs directly; because of its low and shrinking influence on the market, NSA needs to understand and work with COTS technology and vendors. The shift to COTS products raises questions about the scope of national security concerns and what they imply for technology strategies to meet the needs of national security entities, the primary client of NSA.
Partnerships with Industry
Increasingly, partnering with industry is seen as an approach for lowering government research costs, ensuring the relevance of solutions, and expediting the transfer of research into products. On the other hand, anecdotal evidence91 points to concerns about the direct and opportunity costs of engineering efforts that respond to NSA's concerns without generating products that see widespread use (Mayfield et al., 1997). Meanwhile, growing recognition of the need for trustworthiness combined with increased dependence on NISs continues to lead more organizations (e.g., banks) with high levels of concern about information security to approach NSA for consultation and assistance. The National Computer Security Center was formed by NSA in the early 1980s as a communications conduit for information security technology. More recently, the NSA National Cryptologic Strategy described and encouraged a "zone of cooperation" among the law enforcement and national security communities, the public sector generally, and the private sector.
Another example of reaching out is the NSA effort in the early 1990s concerning the Multilevel Information Systems Security Initiative (MISSI), which was originally intended to provide a set of products and an architectural framework that would facilitate the development of multilevel secure NISs. A key aspect of MISSI was to promote broader use of Fortezza technology92 through partnerships with industry. MISSI embodied the view that secure hardware and software had to be developed together, something that the COTS market eschews. For this and other reasons, it is widely acknowledged that MISSI was both a technical and marketplace failure; nevertheless, the multilevel security concerns embodied in MISSI -- that truly secure solutions require integrated approaches -- continue to shape NSA management thinking.93 An alternate way to leverage COTS technology is through the development of standards, such as common application programming interfaces (APIs) that permit the development and use of security products with differing strength. Such standards have promise in satisfying the needs of diverse communities of security customers. The use of APIs seems to the committee to be more appealing to industry than MISSI, although acknowledging that APIs and MISSI are not directly comparable because APIs do not address system security or assurance issues. However, APIs are consistent with the notion that successful solutions in industry are likely to be add-ons, rather than integrative solutions. Furthermore, some APIs, notably those for cryptographic functions, can run afoul of export control restrictions.
The U.S. Trusted Computer System Evaluation Criteria (TCSEC) effort represents a further attempt by NSA to partner with the private sector. In this area, NSA insisted on specific conceptual models and corresponding technology, such as the information flow security models for access control at higher levels of the TCSEC. The result was a different and more costly orientation to authentication and access control than evidenced by policy models apparent in industry. No commercially viable products emerged from this effort, and today it is regarded as essentially irrelevant to current COTS information technology.
The effectiveness of such outreach efforts has been limited in the past by such factors as public mistrust of a historically secretive agency; the lack of public awareness, understanding, and support for the TCSEC and Evaluated Product List; and the ambiguity inherent in a public outreach arm in an agency constrained by statute to national security interests (CSTB, 1991). Current efforts may prove more successful, but they must overcome a legacy of suspicion originating in NSA's traditional secrecy as well as its role in controversies surrounding such efforts as the TCSEC, Clipper chip/Fortezza, and its desires for controls on exports of information security devices.94
Other factors inhibit cooperation between NSA and the private sector. The environment in which private-sector information security needs are manifested may be different enough from the defense and foreign policy worlds that these technologies may not be particularly relevant in practice to the private sector. Furthermore, the rapid pace of commercial developments in information technology may make it difficult for the private sector to use technologies developed for national security purposes in a less rapidly changing environment (CSTB, 1996).
R2 Program
To support its mission, NSA funds and conducts research through an organization called R, which has research subunits and staff groups that provide support for technology forecasting and infosec research outreach. R2 is the NSA research subunit responsible for information security research programs; it is organized into three research divisions: cryptography, engineering, and computer science. In 1997 R2 had over 100 staff and a contracting budget in the tens of millions of dollars, a portion of which is coordinated with DARPA.
The major foci of R2 research are enumerated in Box 6.7. The dominant areas of R2 research are secure communications technology, assurance technology, and security management infrastructure.96 Although cryptography has been the centerpiece of NSA's communication security products and is the dominant technique for providing security within NISs, cryptography was not identified as a dominant emphasis. Classified research and research performed by other NSA research elements and other government and government-supported research organizations presumably provide research support to NSA in this area.
The NSA and its R2 organization have developed close working relationships with a group of companies and organizations that have acquired a significant understanding of NSA's goals and the technologies involved in satisfying those goals. A large portion of the research work funded by R2 is conducted by selected contractors, federally funded research and development centers (FFRDCs), and researchers at national laboratories (e.g., work on quantum cryptography, an example of the more fundamental work supported by R2). Although R2 does not, for the most part, use the same open solicitation process used by DARPA, for example, it does review and sometimes funds proposals submitted to DARPA. Such coordination is a goal of the JTO.
R2's small University Research Program (URP) publishes open solicitations for research and provides modest security-related contracts ($50,000 to $100,000) to principal investigators in a number of colleges and universities. The program is intended to encourage professors to work in computer and communications security, although published results have not been noteworthy. For example, R2 has supported operating systems (OS) work that its management recognizes has not affected mainstream OS work and formal methods work that also has had limited impact (e.g., formal verification tools have not been developed as hoped for).
In a recent study (Anderson et al., 1998), 45 NSA-funded projects in the area of information system security and survivability were identified. Although the enumeration may not be comprehensive, it does indicate the nature and scope of the research funded by NSA (see Appendix J).
Of R2's contract funds, a significant portion goes to support nonresearch activities such as participation in standards-setting organizations (e.g., the Internet Engineering Task Force, where R2 contributed the ISAKMP protocol to the IPsec standards effort), consortia membership (e.g., the ATM Forum, where R2 also contributed to security protocol standards), and support for infosec education (e.g., Biometrics consortium, Network Security Management Forum, and support for infosec studies at the Naval Postgraduate School and the University of Maryland). Numerous activities, both external and contract funded, are focused on understanding and assessing various products and technologies (e.g., hacker tools, cryptography for electronic-cash). R2 also supports several efforts to modify COTS products to incorporate new or expanded security functionality (e.g., biometrics access controls and intrusion detection for Windows NT).
Issues for the Future. The committee reviewed a draft of R2's "Information System Security Research Program Plan," which was revised multiple times in 1996-1997.97 This plan calls for greater interaction with the entire infosec community and a more open but focused R2 research program, which would be based on input from an infosec research council (sponsored by NSA and including participants from the relevant agencies and the military services), a national infosec technical baseline (established by NSA, DOE, and DOE's national laboratories), and an infosec science and technology study group (composed of leading experts who would provide an infosec perspective from the private sector). By design, the draft plan would support technology R&D "consistent with the fundamental security principles and concepts articulated in the DOD Goal Security Architecture" (Burnham, 1997). To ensure a supply of knowledgeable experts in the future, the draft plan calls for the establishment of academic centers for infosec studies and research. The plan also emphasizes technology transfer to the infosec side of NSA, to the military services, and to industry.
The committee believes that R2 faces two related challenges. One challenge is its research portfolio. Because NSA both funds external infosec research and performs internal infosec research, questions arise as to the appropriate allocation of effort (internal and external) and its coordination. Decisions about internal effort, like decisions about external effort, should recognize where the parties have comparative advantage. Highly classified cryptographic research is a natural choice for internal research; NSA has widely recognized strength in that area and has better access to mathematical talent in terms of both caliber and number or researchers. Other areas of trustworthiness, less constrained by classification requirements, seem more appropriate for R2 to pursue externally.
The second critical issue is the recruitment, retention, and continuing education of high-quality talent to pursue noncryptographic trustworthiness research areas. In these areas, especially those that depend on computer science, highly skilled researchers available in many academic and commercial organizations can make significant contributions to infosec technology. R2 will have to compete for that talent with other agencies that have established relationships with top researchers. Furthermore, top-tier talent with security expertise is scarce, and nongovernment employers would appear to offer more rewards, from recognition to pay (Lardner, 1998). Skills developed in an infosec research group, especially those relating to network security, cryptography, and COTS software, are easily marketable in the commercial sector -- a fact that constrains both hiring and retention in R2. Finally, there is the perception that the "cloak and dagger image" that once attracted some people to NSA is no longer as strong, because of a smaller defense budget and rapidly growing private-sector alternatives (Lardner, 1998).
As previously indicated, senior management at NSA and NSA advisory groups have stated that it is difficult to obtain and retain highly qualified technical research staff with computer-related expertise for the R2 organization.98 Within R2, staff is spread thinly, and loss of an individual can have a significant impact on organizational coverage. Further, the ability of a technologist to do research is reportedly limited by administrative and other obligations. The adoption of a rotation program, comparable to those at the NSF and DARPA for program managers, could be considered as a complement to hiring regular staff members. To be effective, such a program would have to be carefully designed to attract the desired researchers to the NSA.
R2 may be at a disadvantage within NSA inasmuch as its work is removed from fielded results that constitute NSA successes and its work is not as directly linked to NSA's mission as that of other units. These circumstances can constrain internal communication, and anecdotal evidence suggests that R2 may not always benefit from knowledge of relevant work done by sister units. By contrast, program managers pursuing trustworthiness topics at DARPA and NSF have more visibility, and they and the researchers they fund are free to publish their results.
Although R2 funds and performs unclassified work, it shares the NSA environment and mind-set of tightly controlled information. This environment presents a real conflict with the need for access to open research information. It can encourage a closed community of workers who do not communicate with others in the community either to seek or contribute information. Although R2 has increased its outreach, the conferences in which it seems most active as an organization, the NSA-NIST-sponsored National Information System Security Conference and its own Tech Fest, tend to attract a small community of researchers with long-standing connections to NSA. These audiences have only limited interaction with the larger community of computer science researchers with whom other HCS agency program managers have regular contact.
Findings
1. Some government customers have particularly high needs for security, and there are a handful of systems (e.g., "The President's Laptop") that face levels of threat and require the strength of a mechanism that is not available in commercial products and that would have insufficient demand to support a product in the marketplace. The NSA is particularly well situated to develop such mechanisms. Classified cryptographic research is also a natural fit for the NSA internal research program.
2. The R2 university research program emphasizes relatively short term and small projects. Such projects do not tend to attract the interest of the best industrial and academic researchers and institutions.
3. Rotation of R2 researchers with researchers in industry and academia could help to broaden and invigorate the R2 program. Such rotation would be most effective with institutions that have large numbers of leading researchers.
4. Inadequate incentives currently exist in R2 to attract and retain highly skilled researchers. Improved incentives might be financial (e.g., different salary scale) and/or nonfinancial (e.g., special recognition, greater public visibility). R2 faces formidable challenges in the recruitment and retention of the very best researchers.
5. R2 has initiated several outreach efforts, but these efforts have not significantly broadened the community of researchers who work with R2. Effective outreach efforts are those that are designed to be compatible with the interests, perspectives, and real needs of potential partners.
The NSA Mission: From Communications Security to Information Security
The 1995 NSA Corporate Plan for Information Systems Security laid out a broad
mission: "[NSA's] INFOSEC [information security] mission is to provide
leadership, products, and services necessary to enable customers to protect
national security and sensitive information in information systems pursuant
to federal law and national policies, and to provide technical support to
the government's efforts to incorporate information systems security into
the national information infrastructure. Our customers include national security
community members handling classified and sensitive information, as well
as those civil government agencies and, when requested, private sector
organizations providing vital national services. We serve our customers by
assessing their needs, delivering solutions, and creating advanced INFOSEC
technologies. We also promote security for the national information
infrastructure through our policy and standards work, our efforts in public
advocacy and education, and our role in shaping commercially available security
technology" (p. ii). More recently, the 1996 National Cryptologic Strategy
for the 21st Century110 explicitly related
military and commercial vulnerability to interconnectivity, interoperability,
and increased reliance on commercial off-the-shelf products and services.
|
R2's Research Activities
Source: Based on program management information supplied to the committee
in 1997. |
***
The NSA R2 organization must increase its efforts devoted to outreach and recruitment and retention issues.
R2 has initiated several outreach efforts, but these have not significantly broadened the community of researchers that work with R2. Effective outreach efforts are those that are designed to be compatible with the interests, perspectives, and realities of potential partners (e.g., acknowledgment of the dominance of COTS technology).
Inadequate incentives currently exist within R2 to attract and retain highly skilled researchers. Improved incentives might be financial (e.g., different salary scale) and/or nonfinancial (e.g., special recognition, greater public visibility) in nature. R2 faces formidable challenges in the recruitment and retention of the very best researchers. The rotation of R2 researchers with researchers in industry and academia would help to broaden and invigorate the R2 program. Such rotation would be most effective if it involved institutions that have large numbers of top researchers. As currently constituted, the R2 university research program emphasizes relatively short-term and small projects, and it does not attract the interest of the best industrial and academic researchers and institutions.
***
In a recent study, Anderson et al. (1998) identified a total of 104 individual research projects that were funded by DARPA's Information Survivability program, a unit of the Information Technology Office (ITO), in FY 1998. In addition, 45 information security projects were identified from the NSA and were included in the Anderson et al. (1998) study. These projects were categorized as depicted below (some projects were counted in two categories).
Heterogeneity
Preferential Replication/Lifespan, Architectural/Software Diversity, Path Diversity, Randomized Compilation, Secure Heterogeneous EnvironmentsNSA R2 = 0 projects; DARPA ITO = 2 projects
Static Resource Allocation
Hardware TechnologyNSA R2 = 1 project; DARPA ITO = 0 projects
Dynamic Resource Allocation
Detect & Respond to Attacks/Malfunctions, Dynamic Quality of Services, Active Packet/Node Networks, Dynamic Security ManagementNSA R2 = 3 projects; DARPA ITO = 12 projects
Redundancy
ReplicationNSA R2 = 0 projects; DARPA ITO = 3 projects
Resilience & Robustness
Cryptography/Authentication, Modeling and Testing, Fault/Failure-Tolerant Components, Advanced Languages & Systems, Wrappers, Firewalls, Secure Protocols, Advanced/Secure HardwareNSA R2 = 28 projects; DARPA ITO = 54 projects
Rapid Recovery & Reconstitution
Detect and Recover ActivitiesNSA R2 = 0 projects; DARPA ITO = 2 projects
Deception
Decoy Infection RoutinesNSA R2 = 0 projects; DARPA ITO = 0 projects
Segmentation / Decentralization / Quarantine
Secure Distributed/Mobile Computing, Enclave/Shell Protection, Intruder Detection and Isolation, Specialized "Organs," Autonomous Self Contained Units, Damage ContainmentNSA R2 = 2 projects; DARPA ITO = 11 projects
Immunologic Identification
Autonomous Agents, "Lymphocyte" Agents, Detection of Anomalous Events, Mobile Code Verification, Self/Nonself Discrimination, Information DisseminationNSA R2 = 1 project; DARPA ITO = 12 projects
Self-Organization & Collective Behavior
Adaptive Mechanisms, Formal Structure Modeling, Emergent Properties & Behaviors, Node/Software Optimization, Market-Based Architecture, Scaleable Networks (VLSI)NSA R2 = O projects; DARPA ITO = 10 projects
Other/ Miscellaneous
Multiple Approaches to Network Security/Survivability, Technology ForecastingNSA R2 = 10 projects; DARPA 110 = 3 projects
Anderson, Robert H., Phillip M. Feldman, Scott Gerwehr, Brian Houghton, Richard Mesic, John D. Pinder, and Jeff Rothenberg. 1998. A "Minimum Essential Information Infrastructure" for U.S. Defense Systems: Meaningful? Feasible? Useful? Santa Monica, CA: RAND National Defense Research Institute (forthcoming) .
87 The HCS program was announced as one of six focus areas in the 1995 Strategic Implementation Plan of the Committee on Information and Communications (CIC) R&D, which coordinates computing and communications R&D across the federal government. CIC planning includes R&D activity in the areas of components, communications, computing systems, support software and tools, intelligent systems, information management, and applications.
88 The JTO was announced in the 1995 "ARPA/DISA/NSA Memorandum of Agreement Concerning the Information Systems Security Research Joint Technology Office." Complementing DARPA's ongoing research program relating to system security as well as NSA's research efforts, the Joint Technology Office (JTO) is intended to further coordination of research and technology development relevant to meeting DOD's needs for trustworthy systems. It also aims to make the goals and decision-making processes for such R&D more open and responsive to public needs and concerns. Organized as a "virtual" entity that draws on personnel and resources otherwise housed at the participating agencies, the JTO is expected to harmonize the individual agency programs much as the High Performance Computing and Communications Initiative has harmonized those of its component agencies, while leaving research management (e.g., broad area announcements in the case of DARPA) and ultimate source selection decision making to those agencies.
89 See "Memorandum of Agreement Between the Advanced Research Projects Agency, the Defense Information Systems Agency, and the National Security Agency Concerning the Information Systems Security Research Joint Technology Office''; MOA effective April 2, 1995. The full text of the MOA is available online at http://www.ito.darpa.mil/ResearchAreas/Information_Survivability/MOA.html.
90 Under the National Security Act of 1947, a restructured intelligence community was created. Subsequent executive orders have revised or reordered the intelligence community (and continue to do so). The National Security Agency (which replaced the Armed Forces Security Agency) was created by presidential directive by President Truman in 1952. A number of documents that describe NSA's mission are classified, but a basic mission statement is now available on an NSA Web site, http://www.nsa gov:8080.
91 Such evidence includes the experiences of committee members.
92 Fortezza was originally designed for use with only unclassified data. Other products, never deployed, were to provide analogous cryptographic protection for classified data. However, over time MISSI's focus changed (see Chapter 4, Box 4.4, for additional details).
93 Committee discussion with R2 managers, October 21, 1996. 94 This distrust and suspicion of NSA is enhanced by NSA's history of control-oriented interactions with industry. The technology marketplace is a worldwide marketplace. For many companies at least half of their income is derived from outside of the United States. Advanced technology, especially cryptography, is subject to export controls, and NSA has played a significant role in advising the U.S. government on which technologies can be exported as commodities. The recent declassification of SKIPJACK and KEA is a step in the right direction; the declassification was done explicitly to allow industry to implement Fortezza-compatible software, thus enabling very low cost cryptographic "soft tokens."
95 For example, military users may be willing to tolerate a higher degree of inconvenience to obtain the benefits of security.
96 As reflected in unclassified briefings and materials on funding and staffing levels provided to the committee.
97 Authored by Blaine Burnham, NSA. This document was provided to the committee by R2 when the committee asked for insight into R2's thinking about future directions. The committee examined this document not as a formal plan for NSA, but as a white paper -- as a source of possibilities for the future.
98 They note that R2 has not recruited from the academic researchers it supports.
110 John Davis, NCSC director, described this program to the committee during its October 21 visit to NSA, using July 1996 briefing charts. [See also http://www.nsa.gov:8080/programs/ncs21/ ]