Top NSA Banner

Read Signal Magazine's Interview with IA Director Schaeffer

The October edition of Signal Magazine features an extensive interview with IA Director Dick Schaeffer on the Nation’s broad and vigilant efforts to “maintain the edge in information assurance.” In the interview, Mr. Schaeffer discusses the information assurance challenges presented by the widespread reliance on commercial technologies, by information sharing across diverse communities of interest, and by the need for cryptographic interoperability in a secure environment, a need addressed by the Suite B strategy.

Mr. Schaeffer also talks about the vulnerabilities that proliferate in a wireless environment and the rapid rate at which technology changes, both of which present daunting information assurance challenges. Finally, Mr. Schaeffer addresses the pressing need to grow a future cadre of information assurance professionals by inspiring students to study the “hard sciences,” the dangers inherent in the Internet, and the imperative that government and industry collaborate to ensure our information and infrastructure are reliable and secure. Please read the full article here…

IA Director Discusses Current IA Issues on Federal News Radio

Listen now to an interview with IA Director, Dick Schaeffer on Federal News Radio. Tom Temins, host of "Federal Security Spotlight," interviewed Mr. Schaeffer on 3 September to discuss the difference between IA and cybersecurity and how they relate, how NSA works with industry and other Federal agencies to improve the security profile of IT products, and how to recruit and retain talent in the cyber arena during a period of high competition for such people.

Announcing the Suite B Implementers' Guide to NIST SP 800-56A

The National Security Agency's Cryptography Research organization is proud to announce the publication of the Suite B Implementers' Guide to NIST SP 800-56A. The Suite B strategy, also known as the Cryptographic Interoperability Strategy (CIS), provides industry with a set of cryptographic algorithms that can be used to promote cryptographic protocol and algorithm interoperability and to create products meeting a range of U.S. Government needs. This Guide further details the specific Elliptic Curve Diffie-Hellman (ECDH) key-agreement schemes from NIST SP 800-56A: Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography that will be used in future and existing cryptographic protocols for Suite B products which are necessary for ECDH scheme implementations to be in compliance with NIST SP 800-56A and Suite B. A companion document Mathematical Routines for NIST Prime Elliptic Curves is also now available.

Podcast Interview with Dickie George

Listen now to a podcast interview with Dickie George, NSA's Information Assurance Technical Director about the joint NSA and Department of Homeland Security Centers of Academic Excellence (CAE) programs to educate the Nation's future cyber security experts. Mr. George speaks enthusiastically about the value and benefits of the CAE programs to schools, students, employers in the public and private sectors, and the Nation as a whole. In a world in which credit card numbers are routinely stolen, identity theft is rampant, and networks are under constant threat of attack, we need skilled professionals to protect and defend our cyber information and infrastructure. The CAE programs give students the tools, capabilities, and skills to become the Nation’s future cyber security professionals.

NSA Part of Consortium of Cybersecurity Experts That Establishes Baseline Standard of Due Care for Cybersecurity--The Top Twenty Most Critical Controls

According to a Press Release dated February 23, 2009 and released by a consortium of federal agencies and private organizations, including NSA, Version 1 of the Consensus Audit Guidelines (CAG) is now available for public review. The guidelines "define the most critical security controls to protect federal and contractor information and information systems." The CAG initiative is part of a larger effort housed at the Center for Strategic and International Studies (CSIS) in Washington, D.C., "to advance key recommendations from the CSIS Commission report on Cybersecurity for the 44th Presidency."

"NSA, DHS, Industry Gang Up on Dangerous Software Errors"
Business Week

"Computer security experts have warned for years that the endless cycle of software flaws and exploits will only be broken when we create incentives for software authors and publishers to get it right. On January 12 (2009), the industry took a potentially important step toward that goal when a broad coalition of companies, government agencies, academics, and advocacy groups launched a program to assure that software is free of 25 common errors that lead to the bulk of security problems." The program was developed jointly by the SANS Institute and MITRE, with backing from the National Security Agency's (NSA's) Information Assurance Directorate (IAD) and the Department of Homeland Security (DHS), the article said.

In SANS Institute's press release of January 12, NSA's Tony Sager commented on the program's significance; "The publication of a list of programming errors that enable cyber espionage and cyber crime is an important first step in managing the vulnerability of our networks and technology. There needs to be a move away from reacting to thousands of individual vulnerabilities, and to focus instead on a relatively small number of software flaws that allow vulnerabilities to occur, each with a general root cause. Such a list allows the targeting of improvements in software development practices, tools, and requirements to manage these problems earlier in the life cycle, where they can be solved on a large scale and cost-effectively."

Secure Mobile Environment Portable Electronic Device (SME PED)

The National Security Agency has developed a hand-held communication device that will revolutionize secure, portable access to classified information. Its technical name is "Secure Mobile Environment Portable Electronic Device" (SME PED) and it enables its users to send and receive both classified and unclassified telephone calls and to exchange classified and unclassified email. In addition, the SME-PED (pronounced "SMEE-PED") enables users to web browse on secure networks that are classified SECRET.