NSA: Global grid will have data assurance 'baked in'
- By Susan M. Menke
- Oct 13, 2004
The National Security Agency is revising its 2-month-old, 2,200-page information assurance roadmap for the Defense Department's Global Information Grid, NSA's Daniel G. Wolf said today at the Microsoft Security Summit East in Washington.
After incorporating feedback from government and industry, NSA will release a three-phase architectural plan for secure worldwide data sharing among and across military and intelligence agencies over the next two decades.
Wolf, the agency's IA director, said producing the architectural plan has taken 40 staff-years so far. It spells out no specific solutions at this point, but it will ensure that IA is 'baked in' by authenticating credentials, security clearances, roles and situational awareness throughout the GIG, he said. Some form of user token will be part of the security architecture.
'It's not only architecture, it will be products and services,' he said. For example, NSA will design the initial 1-Gbps backbone encryptors for major GIG communications links. As envisioned, later phases of the grid eventually could scale up to backbone rates of 40 Gbps and then 100 Gbps.
Although data traveling on the grid will be encrypted by two separate suites of high-grade and top-secret algorithms including the Advanced Encryption Standard, there still are potential risks from IPv6 packet headers and traffic disruption. More than 160 military systems are supposed to interact via the GIG, Wolf said.
As more and more IP-addressable devices, even some weapons, join the grid, cell phone voice calls could use its transport capacity, he said. The revised plan will 'identify the things to do, the timeframe, and the products and services. We want to monitor and manage devices over the network' with automatic updates and hardware and software problem alerts.
Because NSA lacks the resources to evaluate increasingly complex commercial software, Wolf has formed industry partnerships to make safer software a top priority. He said NSA has taken advantage of Microsoft Corp.'s offer to let governments examine its source code, which grew from 6 million lines of code in Windows 3.1 to more than 30 million lines in XP.
'Buffer overflows are a major source of failures and vulnerabilities' in software, said Wolf, who has recruited 59 colleges and universities to set up an IA curriculum and teach safe programming practices.
'We have a cadre of IA students,' he said. 'We hired about 30 graduates this year. They understand IA and hit the ground running.'
The Homeland Security Department has joined DOD as a joint sponsor of the IA curriculum program, he said. Another initiative, for which he currently has no funding, would be a high-assurance software office that could drive standards and develop automated tools and metrics.
'We need people interested in policy and business and international relations,' as well as programmers, he said. 'More than 50 percent of custom development will go offshore by 2007. There are foreign nationals developing software in the United States, and there are many third-party utilities and drivers.'
Wolf added, 'It's almost like the Manhattan Project. I see this as the modern equivalent to the national labs set up under the threat of thermonuclear war in the 1940s.'