NSA taps vendors for encryption

Gigabit Ethernet encryptors will support secure exchange of information

A Defense Department analyst at the Pentagon is working on a top-secret case and needs to quickly exchange a large amount of information with a colleague in the intelligence community on the other side of the country. But the only tools available that are fast enough to accommodate the data transfer are commercial IP-based networks.

Today, analysts have reached an impasse. But the National Security Agency is working to break that roadblock.

NSA recently selected three vendor teams to compete to develop Gigabit Ethernet encryptors (GigEE) to support the secure exchange of top-secret information via commercial IP-based, wide-area networks at speeds of at least 1 gigabit/sec — the equivalent of 48,000 typewritten pages per second.

ViaSat Inc., L-3 Communications and General Dynamics C4 Systems each recently received 30-month, $10 million development contracts, and all are competing for future production awards, said an NSA spokesperson.

"Under this strategy, vendors will continue to evolve their products on their own and delineate them from their competitors," the spokesperson said. "As a result, customers will have the ability to pick the product that best meets their requirements."

All three companies are developing their tools in compliance with NSA's High Assurance IP Interoperability Specification (HAIPIS), which will ensure interoperability with all future generations of IP encryptors developed for government agencies. All three 30-month contracts were awarded Aug. 26, and each of the developers is on its own development timeline, according to NSA.

"The GigEE will be as transparent as possible to the network in which it is connected while still providing the necessary security features," the NSA spokesperson said. "It will provide the security services of confidentiality, data integrity and authentication and will be designed to support the Type 1 security classifications up to top secret."

John Pescatore, research director for network security at Gartner Inc., said today's Gigabit Ethernet encryption technology can handle the speed and top-secret security requirements, but it is expensive. Furthermore, managing encryption keys is problematic.

"The security and speed issues aren't all that hard to solve," Pescatore said. "The real challenge is building the hardware at an affordable price and sticking to pure TCP/IP standards such that the encryption can be totally transparent to operating systems and applications."

Currently, Gigabit Ethernet Network Interface Cards (NICs) cost less than $300 and prices are still dropping, but "if encrypting NICs cost a lot more than that, they will never get adopted outside of the DOD/intelligence market," he said.

"Key management is still a big issue — how do you get the keys out to all the encryptors?" he said. "At the NIC level, this can be done over the network, once keys are established, but getting keys established in every PC and server will require key management functions."

Under the GigEE program, L-3 will expand its Secure Terminal Equipment and OMNI families of secure communications products, said Gregory Roberts, president of L-3 Communication Systems-East. "With our own internal R&D funding in the GigEE program, L-3 plans to expand the capabilities of our product offerings in both features [and] satisfy the increasing demand for classified bandwidth for the warfighter and their support infrastructure."

General Dynamics and ViaSat, which has supplied IP encryption hardware to the Navy, are the front-runners in GigEE development, Pescatore said. "L-3 would probably be the dark horse."

***

Vendor offerings

ViaSat Inc.'s Type 1 IP In-line Network Encryptor will advance current static hardware products with a reprogrammable architecture that enables the device to accept new features and upgrades in the future, said Jerry Goodwin, network systems director for ViaSat.

General Dynamics C4 Systems' first Gigabit Ethernet encryptor (GigEE) prototype will be delivered in the fourth quarter of 2004 and will carry forward designs developed for the company's IP-based and Asynchronous Transfer Mode Taclane and Fastlane encryptors, said Dick Perreault, General Dynamics Trusted Network Solutions vice president and general manager.

L-3 Communications' GigEE solution is based on the company's current product line of 100 megabits/sec high-assurance in-line encryptor products, said Gregory Roberts, president of L-3 Communication Systems-East.