NSA begins crypto upgrade

15-year plan to fund new encoding technology

Editor’s note: On Sept. 10, 2001, Federal Computer Week wrote about the National Security Agency beginning a 15-year Crypto Modernization Program. The amount budgeted for the program was classified information, but it was multiple millions in the first year and expected to be greater than that in subsequent years.

The National Security Agency is beginning a 15-year, multibillion-dollar effort to modernize the nation’s cryptographic systems, which are rapidly growing obsolete and vulnerable. Cryptographic systems encode messages and include such tools as secure telephones, tactical radios and smart cards. Virtually every federal department and agency — including the military, the White House, intelligence agencies and the State Department — use encryption. But existing encryption algorithms are no longer cutting-edge, and hardware for many systems is becoming obsolete. Replacing them is a top goal for NSA’s information assurance directorate, said Michael Jacobs, who heads the directorate.

“When it comes to protecting our information, the first line of defense is NSA-provided cryptography,” said Vice Adm. Richard Mayo, Navy director of space, information warfare, command and control, speaking before the House Armed Services Committee in May. Mayo said the Navy, joint forces and allied militaries have more than “400,000 such cryptographic products of varying type in our in inventory for voice, video and data.”

“A lot of that [hardware] technology is at or [is] getting to the point where you cannot obtain replacement parts, so it’s becoming a maintenance problem,” Jacobs said. He noted that the security features in the cryptographic systems — “specifically the underlying cryptographic algorithms” — are nearing the end of their life expectancy.

The agency recently published a cryptography plan and shared its vision with 70 potential vendors this summer. NSA will fund early development of new technologies under the Crypto Modernization Program, and the various departments and agencies will acquire the systems once they have been developed.

“Information system security is the name of the game, and if NSA cannot guarantee that security, it is a serious problem,” said Steven Aftergood, intelligence policy analyst for the Federation of American Scientists. “It’s a problem for everyone who depends on secure communications, and that’s almost everyone in government.”

NSA’s budget is classified, but Jacobs said the agency has budgeted “multiple millions” of dollars just to update its cryptographic systems in 2002 and is seeking to increase funding in its 2003 to 2008 budget plan.

“We’re at the front end of this process, which in terms of dollar value is a lot smaller than the middle and back end, where acquisition starts,” Jacobs said.

Agency officials must decide which families of equipment they initially want to modify or replace; the first modernized products will likely be delivered in 2004.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above