Today, the Department of Homeland Security (DHS), in partnership with the Department of Commerce’s National Institute of Standards and Technology (NIST), released a road map to help organizations protect their data and systems and to reduce risks related to the advancement of quantum computing technology.
The national security community needs to prepare now for the possibility that U.S. adversaries could develop and deploy quantum computers, which would render useless most conventional encryption algorithms, says Adrian Stanger, senior cryptographic authority, Cybersecurity Directorate, National Security Agency (NSA).
The U.S. Army’s universal, reprogrammable encryption chip is in final testing and may be destined for the service’s next-generation encryption fill device, other military services or possibly even the commercial sector.
The REprogrammable Single Chip Universal Encryptor (RESCUE) technology was developed to be a government-owned, general-purpose cryptographic module and architecture that is highly tailorable to counter emerging cryptographic threats. It uses standardized encryption algorithms designed by the National Security Agency (NSA) and the National Institute for Standards and Technology.
Because U.S. adversaries likely will be able to use quantum computers within the next several years, Defense Information Systems Agency (DISA) officials are beginning to explore quantum-resistant technologies and the role the agency might play in developing or deploying those technologies.
L3 Harris Technologies Inc., Rochester, New York, is awarded a $383,247,000 firm-fixed-price, indefinite-delivery/indefinite-quantity contract for the purchase of radio systems with National Security Agency certified Type 1 encryption, radio ancillaries, provisioning kits and required documentation for the procured High Frequency (HF) radio systems. Work will be performed in Rochester, New York. The proposed contract will provide for the procurement of L3 Harris portable HF receiver transmitters (RF-300H-MP man pack systems); vehicle-based HF systems (based around a RF-300H-MP); transit case HF systems (based around a RF-300H-MP); their ancillary components and instructor training for the Program Manager of Communications Systems.
Science Applications International Corp., Reston, Virginia, has been awarded a $23,000,000 indefinite-quantity contract. This contract is for the full rate production of the Missile Encryption Electronic Device KL-90 units. The contractor will provide KL-90 units, spare parts, engineering support, data and training in support of the U.S. missile sites. Work will be performed at Tampa, Florida, and is expected to be completed by December 29, 2022. The award is the result of a sole-source acquisition. Fiscal 2020 procurement funds are being used and no funds are being obligated at the time of award.
Four newly announced projects led by Sandia National Laboratories aim to advance quantum computing technology, according to an announcement from the laboratories.
The efforts include: a quantum computing testbed with accessible components on which industrial, academic and government researchers can run their own algorithms; a suite of test programs to measure the performance of quantum hardware; classical software to ensure reliable operation of quantum computing testbeds and coax the most utility from them; and high-level quantum algorithms that explore connections with theoretical physics, classical optimization and machine learning.
The U.S. Office of Management and Budget released a report this spring showing the abysmal state of cybersecurity in the federal government. Three-quarters of the agencies assessed were found to be “at risk” or “at high risk,” highlighting the need for a cyber overhaul. The report also noted that many agencies lacked “standardized cybersecurity processes and IT capabilities,” which affected their ability to “gain visibility and effectively combat threats.”
Researchers at the National Institute of Standards and Technology (NIST) have developed a method for generating numbers guaranteed to be random by quantum mechanics. Generating truly random numbers is one of the major challenges for quantum-based encryption and could mark a major leap in cybersecurity.
The Internet of Things (IoT) has security issues. The fundamental weakness is that it adds to the number of devices behind a network firewall that can be compromised. Not only do we need to safeguard our computers and smartphones, now we must worry about protecting our homes, vehicles, appliances, wearables and other IoT devices.
Every day, more and more government organizations are moving IT functions and data storage to the cloud. Early last month, the U.S. Department of Defense signed a multimillion-dollar contract to encourage organizations under its umbrella to move to the cloud. While the needs of public-sector entities differ from those of the private sector, there are some hard-won data security lessons corporations have learned—such as encryption key management and the use of cryptographic gateways—that can be useful for government organizations as they plan and execute a migration to the cloud.
Where some see challenges, others see opportunities. It sounds like a motivational poster, but that is exactly how researchers at the National Security Agency view the Internet of Things, or the IoT.
“We approach IoT a little differently than everybody else. Everybody’s talking about all the security problems. That’s certainly fair, but we look at IoT as an opportunity in terms of the security goals we can accomplish,” says George Coker, chief, Information Assurance Research Group, National Security Agency (NSA).
The next-generation airborne missile control system being developed by the U.S. Air Force will take advantage of modern communications and electronics systems such as software-defined radios to provide a number of capabilities, including improved cybersecurity.
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded Salt Lake City-based startup Evernym a $749,000 Small Business Innovation Program (SBIR) award to develop an easy-to-use, decentralized mechanism for managing public and private encryption keys needed for the secure and scalable deployment of blockchain technologies.
The National Institute of Standards and Technology's (NIST) benchmark for encryption modules has seen recent innovation, opening the playing field for competition.
For years, NIST’s Federal Information Processing Standards (FIPS) 140-2 validation list read like a Who’s Who of Fortune 100 technology vendors. Only those products that leverage cryptographic modules shown on the list were eligible for federal agency deployment. Until recent changes, only the deepest pockets could absorb the costs of development, testing and expensive consultants to facilitate introducing solutions into the federal marketplace.
The U.S. government is racing to identify technologies that will resist the threat from quantum computers, which will render today’s encryption obsolete.
They do not necessarily match the hero stereotype, but computer scientists improving methods of generating random numbers just may save the day when it comes to cybersecurity.
Scientists at the University of Texas at Austin have delivered a mathematical revelation that could bring a number of benefits, but improved encryption tops the list. Cybersecurity, of course, depends on encryption, which relies on random data. Although the world is full of randomness—a roll of the dice, a flip of a coin, a lottery drawing—randomness is not always equal. When studied over time, air temperatures and stock market results, for example, actually produce predictable patterns.
State-of-the-art encryption continues to defy all but the most elite codebreakers, but even exponential improvements may never catch up with rapid advances in computing. In some cases, the very technologies that enable innovative encryption solutions also could provide the key to breaking the most complex codes applied to datasets.
The increase in cyberthreats from both internal and external sources has put the onus on government agencies, particularly at the federal level, to implement strong cybersecurity architectures. While encryption is an essential component, without careful implementation, criminals easily can exploit its weaknesses, and the emerging power of quantum computing could compound the problem.
Behind the Science is an occasional series of blogs focusing on the people advancing science and technology.
George and Marlene Bachand, a married couple working at Sandia National Laboratories, have partnered on more science projects than they can recall.
Scientists at Sandia National Laboratories are searching for partners to apply technology for encrypting text within synthetic DNA. The encryption is far stronger than conventional technology and practically impossible to break, researchers say.
In September, the Sandia team wrapped up a three-year effort titled Synthetic DNA for Highly Secure Information Storage and Transmission. The project developed a new way of storing and encrypting information using DNA. The work was funded through Sandia’s internal Laboratory Directed Research and Development program.
The ability of warfighters to be mobile and nimble is not a luxury during combat operations. It is an absolute necessity. Staying ahead of the enemy or avoiding attack often means an entire command post must move, and quickly—a mammoth challenge if the command post relies on a wired communications network with cumbersome and costly cables and equipment.
Encryption software that performs many of the functions supporting military command and control networks now is easily available to the public. Not only does it match what U.S. forces use, but also it includes end-to-end encryption and can be downloaded by anyone with Internet access. At the end of 2015, estimates show that was 3.2 billion people globally.
This development brings a number of consequences. Among them, privately operated encrypted messaging has become a known unknown. Mission planners now must consider both the increased capability of widely dispersed organizations to operate anywhere under cover and the increased difficulty of penetrating these groups.
Last year proved lucrative for cyber criminals, and 2016 is shaping up to be even better, with a seemingly unsuspecting victim in the hacking crosshairs: driverless cars, according to Dell Security. In 2015, hackers carried out a massive number of breaches against organizations and government agencies in spite of the millions of dollars spent not only to safeguard networks, but also to hire security experts and train employees on proper cyber hygiene, according to the company’s annual cybersecurity report released Monday.
You’re trying to break the German Enigma machine. … It’s the greatest encryption device in history, and the Germans use it for all major communications. If the Allies broke Enigma—well, this would turn into a very short war indeed. … One hundred and fifty nine million million million possible Enigma settings. All we had to do was try each one. —Alan Turing in The Imitation Game (Weinstein Company, 2014)
Quantum encryption technology created in a national laboratory will be available this summer to government and commercial clients. The system provides faster and more cost-effective cryptographic services with long-term system security. Future iterations may be available for laptops and handheld devices, dramatically improving on-the-job communications security for first responders and other professionals who rely on communications on the go.
Physical Optics Corporation, Torrance, California, is being awarded $10,449,470 for cost-plus-fixed-fee delivery order 0006 against a previously issued Basic Ordering Agreement (N68335-12-G-0045) for a Phase III Small Business Innovation Research effort for the design, testing and delivery of data transfer units and ground encryption devices in support of the F/A-18 E/F and EA-18G. This effort includes 14 non flight-worthy (NFW) data transfer units, seven flight-worthy (FW) DTUs, 21 mission NFW removable memory devices, 25 NFW maintenance RMDs, 17 FW mission RMDs, 15 FW maintenance RMDs, nine ground encryption devices and the required cabling and software.
Encrypt tweets and send them to select groups or individuals with the scrambls app for the iPhone or iPad. The app gives you total control over your online privacy on Twitter. Simply tap tweets to instantly encrypt the text before it is sent to the cloud. Only select individuals defined at scrambls.com can read the posts. Your selected contacts need the app or the browser plug-in, and they will see the scrambled posts as clear text. Just change the group or individuals permitted to read a post based on the level of privacy you want to achieve.
What if your smartphone messages could self-destruct to ensure ultimate privacy and control over the content? No, it's not a scene from a spy movie. The newly released Wickr app for iPhone encrypts communication and permanently deletes personal data from your device. The free app provides military-grade encryption of text, picture, audio and video messages, and it gives the sender control over who can read messages and for how long. For example, a user could send a picture message but set it to self-destruct after 10 minutes. In addition, Wickr deletes all metadata from files.
L-3 Communications System West, Salt Lake City, Utah, was recently awarded a $17 million contract for 345 Type II interim encryption system kits in various configurations. U.S. Army Contracting Command, Aviation & Missile Command Contracting Center, Redstone Arsenal, Alabama, is the contracting activity.
Have you ever worried that a third party could intercept your cell phone calls or text messages? Early last week, an independent computer security researcher known as Moxie Marlinspike followed in the footsteps of Philip Zimmermann, the developer of an electronic encryption technology known as Pretty Good Privacy, and launched two apps that they claim make phones untappable. The free, public betas for Google's Android mobile platform are called RedPhone and TextSecure. The first app uses Zimmermann's open source Internet voice cryptography scheme called ZRTP to encrypt phone calls, and the latter allows users to send and receive encrypted text messages and scramble the messages stored in their inbox.
The French navy and air force are adding new encryption technology to their identification friend-or-foe (IFF) systems to reduce the chance of enemy interception and analysis. The new encryption is being applied to more than 1,000 IFF systems equipping the two services. The equipment will help ensure that links between aircraft transponders and ground-based interrogators are not read or corrupted by new interception technologies now appearing in the battlespace. The existing IFF systems receiving the encryption upgrades will be able to respond quickly and reliably in an electronic warfighting environment, company officials say.