National Security Agency Opens Up - InformationWeek
IoT
IoT
Infrastructure // PC & Servers
Commentary
3/3/2005
05:52 PM
50%
50%
RELATED EVENTS
[Best Practices] Managing Multiple Clouds
Jul 26, 2017
Putting all your eggs in one cloud basket is risky, because clouds are not immune to denials of se ...Read More>>

National Security Agency Opens Up

Right about now, the National Security Agency is feeling pretty good about its decision to use open source as the medium through which the agency is evangelizing improved security technology. NSA's SELinux technology is gaining traction and the agency, like many other areas of the government, is realizing that it needs to team with industry to meet tomorrow's technology challenges.

Right about now, the National Security Agency is feeling pretty good about its decision to use open source as the medium through which the agency is evangelizing improved security technology. NSA's SELinux technology is gaining traction and the agency, like many other areas of the government, is realizing that it needs to team with industry to meet tomorrow's technology challenges.Although NSA is essentially a product of the Cold War, the agency's role today is to stimulate new security technologies that can be used throughout government and private industry. "We're working with the private sector to give the country the security it needs," Dickie George, technical director of NSA's Information Assurance Directorate, said Thursday at an SELinux symposium held in Silver Spring, Md.

The United States' ability to protect information has always been NSA's mission, from the day the agency opened its doors in 1952. Back then, NSA focused mainly on providing cryptographic technology that the government and military used to keep secrets.

NSA's role in developing SELinux reflects an evolved approach to information security. But what does it say about the agency that it's looking to the open-source community for answers to today's complex security challenges? (This after first developing mandatory access control technology through a number of closed prototype operating systems, including Distributed Trusted Mach, Distributed Trusted Operating System, and Flux Advanced Security Kernel, or Flask).

The agency also acknowledges that technology can only do so much to protect a system from its own users. "How do you secure a system against someone you've trusted?" George asked during Thursday's opening session. One way is to implement security that limits any damage that can be caused by malicious users, a characteristic found in SELinux.

George made it clear that the agency can't accomplish its mission without making use of commercial off-the-shelf software (COTS, in public-sector parlance). "We can't rely (solely) on cleared U.S. citizens hired by the government to do all of the technology development work," he said. Which is why the agency, much like the Federal Bureau of Investigation and other areas of the government are seeing the value of COTS.

"We cannot compete with the private-sector, in terms of technology development, which is why we do something like SELinux," George said. "It provides guidance for the technology that's used by the country's industry." In fact, NSA launched its SELinux project as a way to demonstrate to technology users what could be done in the area of security.

With future versions of SELinux are expected to offer higher levels of security, even support for multi-level security, there's a lot of critical infrastructure out there counting on NSA's success - bringing sophisticated security to the market without the heavy price tag.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll