The National Security Agency’s (NSA) transition to an open architecture for the communications systems it uses worldwide is allowing it to expand its capability footprint at less cost but it has also raised the issue of keeping these systems secure, an agency official said on Tuesday.
The NSA currently uses a closed network of vendors to help it ensure the security of the systems it acquires but the agency’s adoption of open architecture standards the past several years is affording it the opportunity to go beyond its traditional contractor base to potentially using “uncleared vendors,” James Thompson, chief of Collection and Bridging Solutions at NSA, said at Defense Daily’s annual Open Architecture Summit.
But this raises the issue of security, Thompson said.
“How do I know their supply chain is secure?” Thompson said. “How do I trust that supply chain? In some ways you may not, you’re going to have to do that security piece on your own. We’re just starting to look at that.”
The NSA’s goal is to “leverage an expanded community, which means I’ve separated the IP development from the security practices so I’ll have to bring them together somewhere else in the architecture,” Thompson said. He believes that ultimately he can bring the costs of security down as well as the price point of the modules the agency buys that get plugged into its architecture as the NSA expands its vendor base.
“Security was one of the big challenges that we had when we went open,” Thompson said. “Security is one of those areas that will only become bigger not smaller in terms of people’s interactions with open standards and frameworks and the appetite for security will only increase as we go forward.”
Thompson said he’s been able to reduce his budget 25 percent while increasing global footprint with applications to keep up with targets “in timeframes measured in months” versus about two years previously by employing open architecture tools.
“It took us five years to get there architecturally,” Thompson said, adding that the process has been worth it.
Another lesson learned on the road to open architectures is the need for “friends” to help “push it forward…and help build the community and keep it vibrant,” Thompson said. Along the way the technology challenge wasn’t the hurdle but rather culture, he said, adding it “continues to be one of the bigger struggles.”
And this means it’s a “leadership challenge,” Thompson said.
Having groups that come together and keep open architecture at the fore most of the time is important, Thompson said. To help here, NSA is looking at creating a consortium to help with maintaining standards and providing governance.
Such a consortium will have to strike the right balance of participation among government, industry and academia, Thompson said.
The standard that NSA developed and opened to the public for input is called Redhawk. NSA is now on version 2.0 of the standard.
Thompson said that his agency is talking with the undersecretary of Defense for Intelligence to establishing an architectural baseline that could useful for the military services.