Inside man's public face

Michael Jacobs balances a secretive life as director of information assurance at the National Security Agency alongside his very public life as mayor of College Park, Md.

He performs his mayoral duties in his spare time and jokingly refers to it as a hobby. He was elected in 1997 after serving 14 years on the city council. Although the two jobs seem diametrically opposed, Jacobs said similarities exist.

"In terms of subject matter, we're starting to see some concern at the local government level in terms of [telecommunications and infrastructure] security," Jacobs said. "The ability to work in the federal government has direct parallels to what you need to do at the local government level, where you're engaging people and trying to engage them in a particular course of action."

Jacobs has served with NSA for 35 years—most of them in the directorate he now leads. He heads the nation's cadre of code makers, developing and evaluating encryption technology for the national security community—including the intelligence community and the departments of Defense, Energy and State.

The directorate's mission has evolved since its creation in 1952, when it primarily secured radio voice communications. Today, the directorate principally evaluates technology for security vulnerabilities, and the employees come from an array of disciplines, including computer science, engineering and mathematics.

"Crypto is probably the least of their worries now, because even if you use encryption, hackers can break into the [government's] Web sites," said John Pescatore, vice president and research director of network security at Gartner Inc.

Still, Jacobs is heading a 15-year, multibillion-dollar effort to modernize the government's cryptographic equipment, which is rapidly becoming obsolete. That effort includes such tools as secure telephones, public-key infrastructure and smart cards. In fact, the agency is releasing PKI Version 3.0, which combines PKI with smart cards used for personnel identification.

In addition, the agency will likely award a contract in October for a key management infrastructure that encompasses more than PKI. The current interface for encryption key products and services involves many disjointed, stovepiped systems. A key management infrastructure "will introduce a fused, unified interface for key material services involving paper systems, traditional key and electronic key," the agency said in response to written questions. While the agency is changing technologically, it also is transforming itself culturally, a change Jacobs said is critical. For example, the agency was once the only store in town for government agencies shopping for encryption technology. But due in part to the technological explosion in recent years, the agency is increasingly sharing technology with and buying technology from commercial vendors. Now NSA customers get a mix of government and commercial off-the-shelf technologies.

"We were, prior to the 1980s, a monopoly," Jacobs said. "The only place the government could go to get what we produced was here. Nobody else did it other than other governments, and we weren't going to use theirs." He added that technological advances spurred competition and cooperation with the commercial sector, which means many systems lack the NSA guarantee of security perfection.

"This business is taking greater risks today," he said. "There is no question about that. There's no getting around it. I don't know anyway to get around it. There is no silver bullet."