A U.S. government group in the National Security Agency (NSA) that assesses computing equipment for high-security applications to make sure that the firms processing classified and sensitive information are using trusted computer systems and parts. NCSC was started in 1981 as the Department of Defense Computer Security Center. It received its current name of NSA/CSS in 1985.
The NSA/CSS encourages businesses, educational institutions, and government agencies to advance research and standardization efforts to ensure that secure information systems are designed. The NSA/CSS also distributes information about issues dealing with secure computing. It does this in part by holding an annual National Information Systems Security Conference.
On February 15, 2005, President George W. Bush announced that he was considering making the NSA the online traffic police for helping agencies to share homeland security information in a secure fashion across government computer networks. To this end, on March 2, 2005, the NSA presented its recommendations for securing U.S. government sensitive and unclassified documents. Elliptic Curve Cryptography (ECC), a public key cryptosystem produced by Canadian company Certicom Security Architecture, was recommended by the NSA to assist in this regard.
ECC’s advanced cryptography algorithms known as Suite B were of particular interest to the NSA. The public key protocols included in Suite B were Elliptic Curve Menezes-Qu-Vanstone (ECMAQ) and Elliptic Curve Diffie-Hellman (ECDH) for key agreement. The Elliptic Curve Digital Signature Algorithm (ECDSA) was included for authentication. The Advanced Encryption Standard (AES) for data encryption and SHA for hashing were also part of the recommended suite.
Other countries besides the United States are becoming concerned about cyber security for government documents. For example, during the week of February 15, 2005, the Auditor General for Canada, Sheila Fraser, warned that federal agents in Canada are failing to keep up with the crackers, making confidential government documents vulnerable. Fraser said that she was disappointed that the Canadian government did not meet its own minimum standards for IT security, despite the fact that guidelines had been available for almost a decade.
As a case in point cited by Fraser, in May, 2004, the Treasury Board Secretariat surveyed 90 government departments and found that of the 46 departments that responded, only one agency met the minimum requirements of the Canadian government’s security policy and related online standards. Even worse, the survey results showed that 16% of the departments did not have any information security policy, and more than 25% of the departments did not have a policy requiring a plan to keep critical systems and services running if a major cyber attack or power blackout occurred.
Bridis, T. White House Eyes NSA for Network ‘Traffic Cop.’ [Online, February 15, 2005.] The Washington Post Website. http://www.washingtonpost.com/wp-dyn/ articles/A25583-2005Feb15.html; Canoe Inc. Security Gaps in Federal Computers. [Online, February 15, 2005.] Canoe Inc. Website. http://cnews.canoe.ca/CNEWA/Canada/2005/ 02/15/931808-cp.html; TechTarget. National Computer Security Center. [Online, February 2, 2001.] TechTarget Website. http://searchsecurity.techtarget.com/gDefinition/0,294236,sid14_ gci519382,00.html; The Globe and Mail. U.S. Government to Rely on Canadian Cryptography. [Online, March 2, 2005.] The Globe and Mail Website. http://www.globetechnology.com/ servlet/story/RTGAM.20050302.gtcrypto0303/BNStory/Technology/.