Dec 31 2009

Security Takes the Offensive

U.S. intelligence organizations use new cybersecurity technologies to share data and fight the war on terror.

To protect your house, open its doors. As
counterintuitive as that may sound, it's what
the technology-savvy U.S. intelligence
community is doing to share—and also
protect—sensitive data with federal
agencies, as well as homeland security
and law enforcement organizations.

It's a delicate balancing act.

Today more than ever, cybersecurity is
critical to protect the systems that gather
and analyze intelligence that could thwart
terrorist actions and attacks. Of course, not
everyone is sure the government—or the
technology—is up to the task.

Experts say that installing even the
best firewalls and encryption software
isn't enough to keep systems safe. An
additional conundrum is that, while
plugging any chinks in systems'
cyberarmor, intelligence organizations
must simultaneously allow entry to
those systems in order to share the
information they're protecting with
organizations that need access.

"This flies in the face of traditional security
rules and practices," says Kevin O'Connell,
director of the Intelligence Policy Center
for the Rand Corp., a Santa Monica, Calif.,
think tank. And it creates a new role for
the communications networks used by
intelligence professionals.

"We need architectures that protect
sensitive data, but which also allow for the
free flow of information between people
who may not know each other until 20
minutes before their conversation takes
place," O'Connell adds. "That's a very
tough challenge."

One effort that is meeting this
challenge head on is the Department of
Defense (DOD) Global Information Grid
(GIG), a secure, high-speed network that
is being built in stages over the next 15
years. Experts predict that when the
international communications platform is
complete, it may be an essential tool for
protecting the country, while also offering
a model for how other agencies should
implement cybersecurity without
shackling their core missions.

Striving for Better Grades

Some observers believe that the federal
government needs help in jump-starting
its cybersecurity efforts. The House's
Subcommittee on Technology, Information
Policy, Intergovernmental Relations and
the Census has publicly criticized the
federal government's pace in shoring up

Last December, the subcommittee gave
the government an overall grade of D for
its IT security efforts in 2003, based on
self-evaluations agencies provided to the
Office of Management and Budget to meet
requirements of the Federal Information
Security Management Act. While two
agencies earned A's, the Defense and
Homeland Security departments scored
only a D and an F, respectively.

One cybersecurity bright spot in DOD
is the National Security Agency (NSA), says
Chip Walker, who was a subcommittee
staff member until March and is now
deputy director of the Cyber Security
Industry Alliance (CSIA), a Washington,
D.C., consortium of security service and
product providers.

"We would have meetings in the
subcommittee to talk about security for
nonclassified systems, and NSA was very
useful in helping us come up with
technological and other types of solutions,"
Walker reports. "They've been doing this a
lot longer than most agencies, so they have
a lot of experience in technologies that other
agencies are just now beginning to use."

This expertise helped NSA get the
nod from DOD to develop the especially
challenging cybersecurity elements of GIG.
To ensure interoperability with the vast
number of public and private sector
networks, GIG will have an Internet
Protocol (IP) network backbone. This
common platform will make it possible
for officials with the highest security
clearances to communicate with each other
and, when necessary, to communicate
with nonclassified collaborators both in
and out of the government.

The project, now in its architecture-definition stage, is expected to handle
communications from satellites, PCs,
handheld devices, cell phones and
mobile radios. "When you're talking
about something as complex as the
GIG, you're talking about significant
[information assurance] and information
technology challenges," says Daniel Wolf,
information assurance (IA) director at
NSA. His group is developing specifications
for GIG's architecture and the security
components that will be integral to it.

Among the many security challenges
GIG faces is its prominence: The network
will be a prime target for the world's
terrorists and hackers. "NSA's information
is a very lucrative target," says Wolf. "We
know that adversaries will go to great
lengths to exploit it."

In addition to basic security elements,
such as firewalls and intrusion-detection
technologies, the GIG will incorporate
high-speed encryptors, new identity
management technology, and security
policies and procedures that have yet to
be developed. Among the latter will be a
system that provides dynamic access to
information based on each user's ID,
security clearance and the sensitivity of
the requested data.

To ensure that users have access only to
information they're authorized to see, GIG
will use a multilayer authentication system.
Before gaining access to information, Wolf
says, "you'd have to have a set of credentials
that say who you are. Plus, the system may
want two or three other things," such as
an electronic security key, a biometric proof
of identity and a password.

Security concerns extend to protecting
the data after it's been downloaded from
GIG. "The computer to which you
download information has to be secure
enough to match your clearance level,"
Wolf explains. "The GIG will validate you
based on its knowledge of those extra
devices and who you are."
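
The access decision Wolf describes combines identity, authentication factors, user clearance, the security of the receiving computer and the sensitivity of the requested data. The sketch below is an added illustration, not GIG or NSA code: the level names, the factor thresholds, the rule that the effective ceiling is the lower of user clearance and endpoint accreditation, and every identifier are assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):          # assumed ordering; the article names no levels
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

# Factor kinds the article lists: electronic key, biometric, password.
KNOWN_FACTORS = frozenset({"key", "biometric", "password"})

@dataclass(frozen=True)
class Request:
    user_id: str               # identity credential presented
    clearance: Level           # user's clearance
    factors: frozenset         # factors verified for this session
    endpoint_level: Level      # highest level the device may hold
    data_level: Level          # sensitivity of the requested item

def required_factors(data_level: Level) -> int:
    # Assumed step-up rule: more sensitive data demands more factors.
    if data_level == Level.UNCLASSIFIED:
        return 1
    return 2 if data_level <= Level.SECRET else 3

def decide(req: Request):
    """Return (allowed, reasons); every check runs so an audit log sees all failures."""
    reasons = []
    if not req.user_id:
        reasons.append("no identity credential")
    # Unrecognised factor types are ignored rather than counted.
    if len(req.factors & KNOWN_FACTORS) < required_factors(req.data_level):
        reasons.append("insufficient authentication factors")
    if req.clearance < req.data_level:
        reasons.append("clearance below data sensitivity")
    if req.endpoint_level < req.data_level:
        reasons.append("endpoint not secure enough for this data")
    return (not reasons, reasons)

if __name__ == "__main__":
    # Constructed sample: a fully cleared user on a SECRET-rated laptop.
    all3 = frozenset({"key", "biometric", "password"})
    for data in (Level.SECRET, Level.TOP_SECRET):
        req = Request("analyst1", Level.TOP_SECRET, all3, Level.SECRET, data)
        print(data.name, decide(req))
```

The same user is allowed or refused depending on the device in use, which is the dynamic part of the policy: the decision is recomputed per request rather than fixed at login.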

The fact that much of GIG's technology
will come from commercial security
products represents a cultural shift in NSA.
The push to use commercial products, a
departure from the intelligence sector's
long-standing practice of creating its
own custom programs, is a nod to
collaboration-enhancing interoperability.

Lessons for All

NSA's cybersecurity strictures, which are
necessary to protect the integrity of its
classified data, are more than most
civilian agencies usually need, but the
technologies and procedures it develops
may still apply, says CSIA's Walker.

Social engineering aspects of NSA's
work on GIG will likely increase
compliance with security guidelines. To
work effectively, security first must be
unobtrusive, Wolf points out. However, if
information assurance isn't easy for users,
"they'll get frustrated and won't use it, or
they'll find ways to get around it," he says.

And, finally, IT managers should not
look at security as something to bolt onto
existing networks or systems. "Many
times, information assurance is thought of
after the fact," he says. "Then it's much
more difficult to do it effectively.

"We like to bake in IA at the start
rather than spread it on after everything
else is done, which is one of the real
advantages of being able to define the
components of GIG's architecture."


• What it is: GIG is a secure, high-speed international
communications platform that links various agencies within the
intelligence community, as well as other public and private sector

• Why it's important: In addition to aiding intelligence
gathering and analysis efforts, GIG will develop new cybersecurity
technologies in identity management and high-speed encryption.

• Who will benefit: Military and intelligence communities, as
well as others engaged in homeland security efforts, will benefit
from this platform.

• What the danger is: Because of its high profile, GIG's security
systems will likely be ongoing targets for the world's cyberterrorists
and hackers.


Closely related to the Global
Information Grid is the National
Security Agency's (NSA's) ongoing
modernization initiative known as
Transformation 2.0.

As defined by Air Force Lt. Gen.
and NSA Director Michael Hayden,
T 2.0's overarching goal is to
shift intelligence efforts from
dependence on Cold War-era
tactics to methods that are
effective against modern terrorist
organizations whose arsenals
include the latest communications
and computer technologies.

Fed Tech recently interviewed
Lt. Gen. Hayden about T 2.0's
progress and the ongoing
technology challenges inherent
in fighting the war on terror.

Fed Tech: Where is NSA in its
transformation process?

Hayden: We launched
Transformation 2.0 last year,
recognizing that forces within
and beyond our discipline of
cryptology required us to
re-examine how we viewed
information sharing. This wave of
transformation is aimed at
making cryptology more of a
team sport. NSA offices have a lot
of teammates: other elements of
NSA, tactical military units, our
U.S. intelligence and information
assurance partners, our allies, our
clients and industry. We're making
good progress on all fronts.

The reality is that NSA must
keep pace with a global
telecommunications revolution,
funded by a $3 trillion-a-year
industry. So the transformation
process can never end for us.

Fed Tech: You've described your
T 2.0 efforts as having the
equivalent of offensive and
defensive teams. How do these

Hayden: NSA's mission is
twofold: conducting signals
intelligence to produce foreign
intelligence information, and
performing information assurance
to protect U.S. information
systems. Our "offensive" team
exploits foreign signals—many of
which travel on complex global
networks—to provide foreign
intelligence and counterintelligence

Our "defensive" team identifies
and counters threats to U.S.
national security information
systems. We perform each aspect
of our mission in response to the
needs of U.S. policymakers and
the military, in accordance with
their particular set of legal

Fed Tech: What is NSA doing to
improve and enhance its own IT

Hayden: We're upgrading and
expanding the IT infrastructure in
terms of how collaboration is
done—the accesses provided and
the tools employed to enable
sharing. All facets of the
infrastructure come into play, but
the goal is singular in that we are
creating a teaming environment
across the intelligence community
with all our intelligence partners.

In some cases, this requires an
IT upgrade to support the volume
of increased interaction. However,
in most cases, it means employing
a set of security solutions so that
data can be exchanged while still
respecting differing security levels
and customer roles. Associated
with these collaboration tools is
the use of videoteleconferencing
to enable personnel across NSA's
global enterprise to be connected

Fed Tech: Has NSA's IT strategy
changed as a result of September 11?

Hayden: The primary lesson NSA
learned after September 11 was
that we were indeed on the right
path—the path of transformation.
With the money the president has
requested and Congress has
provided, we have aggressively
followed this path. We still have
much to do, but we have made
remarkable progress.