NSA product accreditations lag behind IT security advances


ORLANDO -- The National Security Agency wants to use commercially-built security products and the latest virtualization software. But the slow pace of getting products certified through NSA channels and the lightning-fast pace of change in the IT industry is causing national-security heartburn.


The high-tech spy agency, which also guides Defense Department information security, has become an enthusiastic proponent of open standards-based technologies such as Trusted Network Connect (TNC) and Trusted Platform Module (TPM) put forward by the organization Trusted Computing Group (which announced it expects to propose an end-to-end security framework for cloud computing around year-end).

This week the secretive NSA held its first conference related to its views on trusted computing. The NSA Trusted Computing Conference and Exposition in Orlando drew about 500 attendees and 39 exhibiting companies.

Michael Lamont, NSA chief of the network solutions office, noted in his keynote that since May of this year the national-security strategy has been "COTS [commercial off the shelf] first, not GOTS [government]."

Lamont said the NSA wants to influence how commercial technologies are developed, and hopes "richer collaboration could further harden national-security systems" and give commercial systems some "government-like security."

Trusted computing "will be a key enabling technology or set of technologies," said Neal Ziring, technical director, information assurance directorate, NSA, in his conference keynote address.

Ziring said the NSA, under its High Assurance Platform (HAP) program, is turning to a "deliberate reliance on commercial products for protecting even national-security information," and said "my customers are demanding mobility." In the future, NSA expects "COTS will be used to protect even the most sensitive classified information."

Products developed to adhere to the specifications of the Trusted Computing Group (TCG) are a big part of the vision.

Certification processes stall adoption

The NSA's customers are the vast U.S. military and intelligence communities that require accredited software and hardware for use in sharing information from Top Secret through Secret and down to Classified and Unclassified. Products used for "Cross Domain Solutions," for instance, which provide the ability to access or transfer information between two or more security domains, have to be examined and certified to be accepted for use. But the NSA and military-supported certification processes, such as one called Common Criteria, are slow as molasses compared to the IT industry's lightning-fast innovations.

As if to underscore that point, Ian Pratt, vice president for advanced products at Citrix Systems, gave a keynote packed with heady technical detail on new virtualization software from Citrix, including the Xen-based client hypervisor and multiple ways to run virtual machines while setting policy controls through so-called "service VMs." He explained how TCG-related technologies such as TPM would work, and added that in the future Citrix may come out with a "virtual TPM" that would run as a dedicated virtual machine.

The NSA is hearing demands from the military for high-security options built on virtualization. The first desktop virtualization-designed HAP workstation built by General Dynamics was showcased in a video to show how a VMware-based and hardened Red Hat-based workstation using TNC and TCG-compliant hardware components such as TPM, as well as Intel's TXT and TVD, can support secure domain separation.

The HAP workstation, called "Trusted Virtual Environment," is said to allow for attestation, to store system measurements reliably and keep encryption keys safe. During remote attestation, network access can be denied to machines whose identity doesn't check out and compromised HAP workstations could be blocked.

But Bill Ross, director of cybermission assurance systems, C4 systems, at General Dynamics, bluntly told the NSA conference attendees that the current fast-paced and sometimes chaotic state of industry support for TCG-related technologies, along with lengthy accreditation times for HAP, is adding up to real obstacles.

"The rapidly changing hardware environment" has led to "rapid commercial product release and obsolescence," Ross said in his keynote talk about the difficulties of cobbling together various vendor products to build TAP-approved solutions such as the HAP workstation. "We're out of sync with changes in commercial technology."

"The problems are in what I'd call the techno-political realm," he added, noting that there are difficulties in convincing partners, which today include most prominently Intel, VMware, Dell, HP and others, that the effort is warranted.

"We didn't understand what motivated them," Ross pointed out. "We'll say, 'We'll pay you.'" But he admitted he was surprised to see "that rarely worked." Sometimes they'd say they wouldn't support a project because of what they called unclear "opportunity cost." The vendors want to know that their effort for TAP and TCG will lead to wider opportunities beyond just a single TAP project.

The lengthy and cumbersome certification process known as "Secret and Below Interoperability," among others, was an obstacle.

"Bottom line is, it was a lot of growing pains to navigate through the certification process," Ross said, and "it was difficult to keep the interest on multi-year periods."

Separately, Ross said it took 18 months to get the Trusted Virtual Environment TAP-certified workstation, which allows Top Secret and below communications, through the accreditation process, which was completed last year. The Trusted Virtual Environment workstation is being used by the Special Operations Command, across multiple services including the Army as well as NSA. But he said he didn't know the exact numbers because that's kept secret.

Inside initiatives

NSA, headquartered in Ft. Meade, Md., is not given to much public interaction, particularly with the media, and is clearly struggling with conflicting desires to keep its employees well hidden while also trying to greatly influence development of security technologies in the commercial sector.

NSA allowed systems engineer Boyd Fletcher as well as Fred Leong, NSA Trusted Computing Firmware Project Lead, to discuss some of their initiatives in conference presentations where press was in attendance.

Fletcher described efforts to help develop cross-domain solutions (CDS) in a virtualized environment based on Type 1 hypervisors in particular. Military data centers and in-the-field military are clamoring for virtualization options, and the benefits of virtualization are clear, he said.

The NSA still advocated that CDS run on a trusted operating system, and "maybe in the future will run on a trusted hypervisor," he said. But virtualization promises to help eliminate a lot of the manual labor associated with having administrators physically touching hardware associated with traditional CDS today.

Virtualization's remote console capability could allow for "live migration over thousands of miles, if necessary." But if that transition occurs, system management security will grow in importance, as will looking at technologies such as network-address translation to make sure cloned CDSs don't all have the same IP address, he pointed out.

But Fletcher acknowledged the accreditation process, which can take up to two years, isn't making change simple for CDS.

In addition, Fletcher is helping craft what are called "Virtualization Security Requirements" for use by developers and others, as well as a "Virtualization Security Controls Profile" aimed at analyzing security capabilities in assorted virtual machines, including hardware, which is expected to be contributed to the fourth revision of the 800-53 security requirements document published by the National Institute of Standards and Technology.

Fletcher also said his group expects to have what's called a "Virtualization Protection Profile" for hypervisor and management that would constitute "security targets" that vendors could strive for as part of Common Criteria and the National Information Assurance Partnership program which administers the Common Criteria evaluations in the U.S.

NSA's security experts also appear ready to intercede when they think there's a problem brewing. Various security researchers have shown how it's possible to compromise computers through potential zero-day attacks on the System Management Mode (SMM), which is present in most x86 processors today, Leong said.

In his presentation, Leong alluded to work by Invisible Things Lab and others, which have made the case that rootkits can be dropped by an attacker via SMM.

Leong said the NSA is preparing a mitigation called the SMI Transfer Monitor (STM) to basically replace the current SMI Handler for SMM.

This would basically "sandbox the SMM code," said Leong, noting Intel is working with NSA on it and "Dell has actually modified its BIOS to support this." Sandia National Labs is assisting in testing of STM, and "there will be some performance overhead for doing this," he said.

Even as NSA strives to influence industry development of virtualization and TCG-related technologies, the agency is grappling with how far it will go to push for a TAP mandate oriented toward national-security-related IT purchasing.

In his keynote address, Neil Kittleson, Trusted Computing Portfolio Manager at the NSA's Central Security Service Commercial Solutions Center, said "we need HAP," which has been put forward in various reference implementations. The push for next year is advocacy of some kind of policy directive around HAP and technologies based on specifications from the Trusted Computing Group. He added, "Once we advocate these things, we have to deploy."


Ellen Messmer

Network World