The NSA/CSS encourages businesses, educational institutions, and government agencies to advance research and standardization efforts to ensure that secure information systems are designed. The NSA/CSS also distributes information about issues dealing with secure computing. It does this in part by holding an annual National Information Systems Security Conference.

On February 15, 2005, President George W. Bush announced that he was considering making the NSA the online traffic police for helping agencies to share homeland security information in a secure fashion across government computer networks. To this end, on March 2, 2005, the NSA presented its recommendations for securing U.S. government sensitive and unclassified documents. Elliptic Curve Cryptography (ECC), a public key cryptosystem produced by Canadian company Certicom Security Architecture, was recommended by the NSA to assist in this regard.

ECCÂ’s advanced cryptography algorithms known as Suite B were of particular interest to the NSA. The public key protocols included in Suite B were Elliptic Curve Menezes-Qu-Vanstone (ECMAQ) and Elliptic Curve Diffie-Hellman (ECDH) for key agreement. The Elliptic Curve Digital Signature Algorithm (ECDSA) was included for authentication. The Advanced Encryption Standard (AES) for data encryption and SHA for hashing were also part of the recommended suite.

Other countries besides the United States are becoming concerned about cyber security for government documents. For example, during the week of February 15, 2005, the Auditor General for Canada, Sheila Fraser, warned that federal agents in Canada are failing to keep up with the crackers, making confidential government documents vulnerable. Fraser said that she was disappointed that the Canadian government did not meet its own minimum standards for IT security, despite the fact that guidelines had been available for almost a decade.

As a case in point cited by Fraser, in May, 2004, the Treasury Board Secretariat surveyed 90 government departments and found that of the 46 departments that responded, only one agency met the minimum requirements of the Canadian governmentÂ’s security policy and related online standards. Even worse, the survey results showed that 16% of the departments did not have any information security policy, and more than 25% of the departments did not have a policy requiring a plan to keep critical systems and services running if a major cyber attack or power blackout occurred.

See Also: Algorithm; Diffie-Hellman Public-Key Algorithm (DH); Digital Signature; Encryption or Encipher; National Security Agency (NSA).