NSA plots software center

The National Security Agency's top information security official disclosed plans this week for a government-funded research center devoted to improving the security of commercial software, calling the initiative a modern-day Manhattan Project.

Comparing the proposed high-assurance software initiative to the famous atomic bomb research project of the 1940s, NSA's director for information assurance, Daniel Wolf, said the research would focus on tools and techniques for writing secure software and detecting malicious code hidden in software.

Before NSA officials can create the center, the Defense secretary must approve the concept and find money for the project, Wolf said. He gave the keynote address at the Microsoft Corp. Security Summit East in Washington, D.C., earlier this week.

The quality and trustworthiness of commercial software have become a matter of increasing concern to NSA officials, who are responsible for the security of Defense Department and intelligence software. NSA officials anticipate that many companies on whose software DOD and intelligence users rely will be moving significant portions of their commercial software development overseas within a few years.

NSA officials cannot force companies to develop software a certain way, Wolf said, "but we would like to get them to a point where they are producing commercial products that meet the needs of our users." About 95 percent of the agency's desktop PCs run Microsoft's Windows operating system, Wolf said.

The high-assurance software center would have a small staff of researchers who would work with other researchers at NSA, the Defense Advanced Research Projects Agency, the Homeland Security Department, the National Institute of Standards and Technology, federally funded research centers, academic institutions, and corporations. "We talk about something like a Manhattan Project because of the magnitude of what we're trying to do," Wolf said.

Creating commercial software of high quality and trustworthiness is immensely difficult using existing tools and techniques, he said. "You want software that does all the things that it is supposed to do and nothing more," he said. It is especially difficult to know whether commercial software contains hidden malicious code. Current detection tools produce too many false positives, he said.

As an agency, NSA has 50 years' experience with writing cryptographic code, Wolf said. "What we bring to the table is the ability to analyze software and find vulnerabilities," he said.

