DES set for overhaul

The National Institute of Standards and Technology is preparing to change for the first time in almost 20 years the required federal standard for the protection of all encrypted government data characterized as sensitive but unclassified.

NIST is preparing a Federal Register request for an algorithm to succeed the Data Encryption Standard said Anne Enright Shepherd a NIST spokeswoman. DES is the national encryption standard that has been prominent in all but the most secret agencies and is offered in the products of most federal contractors.For example DES is embedded in all of the government's secure telephones the Energy Department has multiple networks that use DES it is the basis for the Treasury Department's electronic funds transfer program and the Federal Reserve uses DES to encrypt connections between the depository financial institutions and Federal Reserve banks.

The request will have to be approved by NIST officials the Commerce Department and the Office of Management and Budget. Shepherd said it is being "worked through the process." She could not provide any details before its publication.

She did say however that because of the "huge installed base of DES products being used by the government " many agencies have asked for a transition period if any changes are made.

Use of DES in both the public and private sectors is extensive said Frank Dzubeck president of Washington D.C.-based Communications Network Architects Inc.

"DES is pretty much the encryption standard being used by most of the vendors in the world for standard encryption " he said.

"The government was the instigator the last time of DES and it fed very quickly into the commercial space " he added.

As a result of the widespread use vendors and government users would be affected by any change to the standard.

"Everyone who is using DES will have to change from a federal standpoint " Dzubeck said. "Anybody that deals with the federal government will have to change. The ripple effect is significant."

DES was first published in 1977. Regardless of which algorithm is tapped to replace DES the trick to its success will be to convince the commercial sector to invest in the change in an encryption standard without widespread evidence of its need said Mike Schwartz president of Prime Factors Inc. an Oregon-based security firm.

"Even if NIST were to say `Here is a new standard ' why would anyone do anything about it because DES shows no sign of weakening " he said.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.