Your search keyword '"United States National Security Agency"' showing total 552 results

1. NSA honors two Cryptologia board members

Author

John A. Tokar

Subjects

business.industry, Applied Mathematics, Law, Honor, Political science, ComputingMethodologies_SYMBOLICANDALGEBRAICMANIPULATION, Tribute, ComputingMilieux_LEGALASPECTSOFCOMPUTING, United States National Security Agency, business, Computer Science Applications

Abstract

The Cryptologic Hall of Honor is an important part of the National Security Agency’s heritage program and pays tribute to those who have made extraordinarily important contributions to America’s na...

Published

2021

2. A Study in Complexity: Unintended Consequences of Multiple Stakeholders in the U.S. Presidential Election Process

Author

Sheila R. Ronis and Richard Jonathan Chasdi

Subjects

Information Systems and Management, Sociology and Political Science, Presidential election, Process (engineering), business.industry, Unintended consequences, Homeland security, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Public administration, United States National Security Agency, Cyberwarfare, Political science, Political Science and International Relations, ComputingMilieux_COMPUTERSANDSOCIETY, business, ComputingMilieux_MISCELLANEOUS

Abstract

In 2023, 3 years after the 2020 U.S. Presidential election, a select group of senior intelligence analysts from the National Security Agency (NSA), Department of Homeland Security (DHS), and the Of...

Published

2020

3. Chilling effects and the stock market response to the Snowden revelations

Author

Abm Nasir, Mohsen Farhadloo, and Mark A. Rosso

Subjects

Sociology and Political Science, Cointegration, business.industry, Communication, 05 social sciences, Financial system, 02 engineering and technology, United States National Security Agency, Revelation, 020204 information systems, 0502 economics and business, 0202 electrical engineering, electronic engineering, information engineering, Stock market, The Internet, 050207 economics, business

Abstract

This study analyzes the changes in individuals’ Internet search behavior and economic variables following Edward Snowden’s revelation of National Security Agency (NSA) surveillance activities of global Internet communications. We refer to the abrupt changes in individual search behavior beginning in June 2013 following Snowden’s revelations as the “Snowden effect.” The “Snowden effect” is a form of chilling effect. Using data from a unique search engine, DuckDuckGo, we show that chilling effects indeed exist. However, further analysis including the stock prices of the largest cybersecurity companies demonstrate a muted market response to the revelations, while cybersecurity spending data suggest resulting economic harm in the form of increased opportunity costs of buyers of cybersecurity services.

Published

2020

4. The Ford Administration, the National Security Agency, and the 'Year of Intelligence': Constructing a New Legal Framework for Intelligence

Author

Peter Roady

Subjects

National security, Public Administration, Sociology and Political Science, business.industry, 05 social sciences, Happening, Legislation, 06 humanities and the arts, Principle of legality, Public administration, United States National Security Agency, 0506 political science, 060104 history, Formative assessment, Political science, Legal opinion, 050602 political science & public administration, 0601 history and archaeology, business, Administration (government)

Abstract

In the mid-1970s, Congress and the judiciary moved to regulate the National Security Agency (NSA) at a moment when such regulation might have restricted the growth of electronic surveillance. The Ford administration played a crucial role in preventing that from happening. It did so by controlling the flow of intelligence information to Congress and by establishing a flexible new legal framework for intelligence based on broad executive orders, narrow legislation, and legal opinions written by executive branch lawyers. This framework fostered a perception of legality that headed off calls for comprehensive legislation governing intelligence. The Ford administration’s actions protected NSA from meaningful regulation, preserved the growth of electronic surveillance, and sustained executive branch preeminence in national security affairs. The episode proved formative for the Ford administration officials involved—including Dick Cheney, Donald Rumsfeld, and Antonin Scalia—and solidified the central role of executive branch lawyers in national security policymaking.

Published

2020

5. Operation 'Olympic Games.' Cyber-sabotage as a tool of American intelligence aimed at counteracting the development of Iran’s nuclear programme

Author

Mariusz Antoni Kamiński

Subjects

Knowledge management, lcsh:Military Science, business.industry, lcsh:U, Military intelligence, operation olympic games, stuxnet, Operation Olympic Games, intelligence, United States National Security Agency, Stuxnet, Critical infrastructure, Politics, unit 8200, Scale (social sciences), nsa, Cyber-attack, Business

Abstract

The purpose of the article is to analyse Operation “Olympic Games” including, in particular, to indicate the political background to the activities aimed at preventing the development of Iran’s nuclear programme, and to examine the preparation and conduct of the operation, the involvement of the US and Israeli intelligence services, and the use of intelligence methods and sources. An equally important objective is to indicate the real consequences of the cyberattack with the Stuxnet virus. In the research process, a critical analysis of literature in the field of Intelligence Studies and source materials (including legal acts, strategies, reports, and other official studies of the entities forming the US Intelligence Community) was carried out. The example of Operation Olympics Games shows that complex cyber-sabotage operations resulting in the destruction of critical infrastructure on a large scale require the involvement of numerous state resources and advanced cyber activities, and the use of many different methods and intelligence sources. Thus, strong states with well-developed intelligence capabilities are much more capable of effectively using cyber-sabotage on a large scale.

Published

2020

6. Sources and methods for cryptologic history: NSA.gov - a tour through its history and resources

Author

Sarah Parsons

Subjects

business.industry, Applied Mathematics, Internet privacy, Business, Declassification, United States National Security Agency, Transparency (behavior), Computer Science Applications

Abstract

In 2020, the National Security Agency will celebrate 25 years of its presence on the World Wide Web at www.NSA.gov. This article will provide a brief history of its development and evolution, payin...

Published

2020

7. Queens of Code

Author

Eileen Buckholtz

Subjects

History and Philosophy of Science, General Computer Science, Computer science, Engineering profession, business.industry, Code (cryptography), Information technology, NIST, Cryptography, Software engineering, business, United States National Security Agency

Published

2020

8. Guidelines on Minimum Standards for Developer Verification of Software

Author

Barbara Guttman, Paul E. Black, and Vadim Okun

Subjects

Test case, Software, business.industry, Computer science, Threat model, Web application, NIST, Fuzz testing, business, Software engineering, United States National Security Agency, Software verification

Abstract

Executive Order (EO) 14028, "Improving the Nation's Cybersecurity," 12 May 2021, directs the National Institute of Standards and Technology (NIST) to recommend minimum standards for software testing within 60 days. This document describes eleven recommendations for software verification techniques as well as providing supplemental information about the techniques and references for further information. It recommends the following techniques: Threat modeling to look for design-level security issues Automated testing for consistency and to minimize human effort Static code scanning to look for top bugs Heuristic tools to look for possible hardcoded secrets Use of built-in checks and protections "Black box" test cases Code-based structural test cases Historical test cases Fuzzing Web app scanners, if applicable Address included code (libraries, packages, services) The document does not address the totality of software verification, but instead recommends techniques that are broadly applicable and form the minimum standards. The document was developed by NIST in consultation with the National Security Agency. Additionally, we received input from numerous outside organizations through papers submitted to a NIST workshop on the Executive Order held in early June, 2021 and discussion at the workshop as well as follow up with several of the submitters.

Published

2021

9. An Investigation of Online Reverse Engineering Community Discussions in the Context of Ghidra

Author

Mary Nicole Dugay Punzalan, Michelle L. Mazurek, Yla R. Tausczik, Seth M. Rabin, and Daniel Votipka

Subjects

Reverse engineering, Point (typography), Computer science, business.industry, Knowledge engineering, Context (language use), Sensemaking, computer.software_genre, United States National Security Agency, Data science, Task (project management), Work (electrical), business, computer

Abstract

Reverse engineering is a complex task. As with many other expert tasks, reverse engineers rely on colleagues and the broader reverse engineering community to provide guidance and develop knowledge necessary to achieve their goals. For example, it is common for reverse engineers to reach out for help to understand and effectively use new tools. Thus far, however, there has been limited investigation of the way knowledge is developed in this community and new tools are adopted. This paper takes a first step toward understanding reverse engineering community dynamics around tool adoption, using the release of the National Security Agency's Ghidra reverse engineering framework as a point of focus. In this paper, we review discussions about Ghidra to identify what features reverse engineers are most interested in, how reverse engineers develop knowledge about Ghidra together online, and whether these dynamics differ between forums. In total, we analyze 1590 reverse engineering discussions between 688 reverse engineers over 3 forums (i.e., Twitter, Reddit, and StackExchange). Our results suggest reverse engineers are most interested in features that allow them to customize Ghidra. We also observe limited evidence of collective sensemaking on the forums, with few reverse engineers participating in multiple discussions threads and most acting as either knowledge producers or consumers. Finally, we found that the forums operated similarly, but Twitter was most often used to announce information (e.g., tutorial links, tool overviews, vulnerabilities in Ghidra) and reverse engineers used StackExchange mostly to get support for specific problems. Reddit acted as a middle option. Based on these results, we make recommendations to improve reverse engineering tool development, improve community participation during adoption, and suggest directions for future work.

Published

2021

10. The spy in Moscow station a counterspy’s hunt for a deadly Cold War threat

Author

Berenice Burnett

Subjects

History, business.industry, Political Science and International Relations, Cold war, Economic history, Biography, United States National Security Agency, business, Period (music)

Abstract

This is Dr Eric Haseltine’s first book on intelligence; he worked for the National Security Agency (NSA) for three years in the period after 11 September 2001. This is not an autobiography of his t...

Published

2020

11. Stopping the spies: constructing and resisting the surveillance state in South Africa

Author

Rachel Adams

Subjects

Sociology and Political Science, State (polity), business.industry, Political science, media_common.quotation_subject, Journalism, Public administration, United States National Security Agency, business, Law, media_common

Abstract

In 2013, the world shuddered as the revelations of Edward Snowden about the mass surveillance practices of the US National Security Agency (NSA) and Five Eyes1 were revealed through the journalism ...

Published

2019

12. Risk and the Five Hard Problems of Cybersecurity

Author

Allison C. Reilly, Paul L. Goethals, Michel Cukier, and Natalie M. Scala

Subjects

Risk analysis, 021110 strategic, defence & security studies, Computer science, business.industry, 0211 other engineering and technologies, 02 engineering and technology, 010501 environmental sciences, Computer security, computer.software_genre, United States National Security Agency, 01 natural sciences, Field (computer science), Software deployment, Composability, Physiology (medical), Scalability, Business intelligence, Realm, Safety, Risk, Reliability and Quality, business, computer, 0105 earth and related environmental sciences

Abstract

This perspectives article addresses risk in cyber defense and identifies opportunities to incorporate risk analysis principles into the cybersecurity field. The Science of Security (SoS) initiative at the National Security Agency seeks to further and promote interdisciplinary research in cybersecurity. SoS organizes its research into the Five Hard Problems (5HP): (1) scalability and composability; (2) policy-governed secure collaboration; (3) security-metrics-driven evaluation, design, development, and deployment; (4) resilient architectures; and (5) understanding and accounting for human behavior. However, a vast majority of the research sponsored by SoS does not consider risk and when it does so, only implicitly. Therefore, we identify opportunities for risk analysis in each hard problem and propose approaches to address these objectives. Such collaborations between risk and cybersecurity researchers will enable growth and insight in both fields, as risk analysts may apply existing methodology in a new realm, while the cybersecurity community benefits from accepted practices for describing, quantifying, working with, and mitigating risk.

Published

2019

13. ‘Everywhere Surveillance’: Global Surveillance Regimes as Techno-Securitization

Author

Patrick Petit

Subjects

Cultural Studies, Health (social science), Sociology and Political Science, business.industry, 05 social sciences, 0507 social and economic geography, Biomedical Engineering, 050905 science studies, United States National Security Agency, History and Philosophy of Science, Economy, Political science, Assemblage (archaeology), Securitization, 0509 other social sciences, business, 050703 geography, Biotechnology

Abstract

The Snowden leaks revealed how surveillance agencies conduct surveillance along all geographical scales, from the global to the local. A close look at National Security Agency (NSA) surveillance in...

Published

2019

14. Too Many Secrets? When Should the Intelligence Community be Allowed to Keep Secrets?

Author

Bellaby, R.

Subjects

Just war theory, Sociology and Political Science, business.industry, Torture, Law, Political science, 05 social sciences, 050602 political science & public administration, Central intelligence agency, United States National Security Agency, business, 0506 political science

Abstract

In recent years, revelations regarding reports of torture by the U.S. Central Intelligence Agency and the quiet growth of the National Security Agency’s pervasive cyber-surveillance system have brought into doubt the level of trust afforded to the intelligence community. The question of its trustworthiness requires determining how much secrecy it should enjoy and what mechanisms should be employed to detect and prevent future abuse. My argument is not a call for complete transparency, however, as secret intelligence does play an important and ethical role in society. Rather, I argue that existing systems built on a prioritization of democratic assumptions are fundamentally ill-equipped for dealing with the particular challenge of intelligence secrecy. As the necessary circle of secrecy is extended, political actors are insulated from the very public gaze that ensures they are working in line with the political community’s best interests. Therefore, a new framework needs to be developed, one that this article argues should be based on the just war tradition, where the principles of just cause, legitimate authority, last resort, proportionality, and discrimination are able to balance the secrecy that the intelligence community needs in order to detect and prevent threats with the harm that too much or incorrect secrecy can cause to people.

Published

2019

15. Applying Software Assurance and Cybersecurity NICE Job Tasks through Secure Software Engineering Labs

Author

Pedro Taveras, Danielle Taylor, and Maurice Dawson

Subjects

business.industry, Computer science, media_common.quotation_subject, Homeland security, Vulnerability, 020206 networking & telecommunications, 02 engineering and technology, United States National Security Agency, Computer security, computer.software_genre, Experiential learning, Software, Excellence, 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, 020201 artificial intelligence & image processing, business, Software engineering, computer, General Environmental Science, Software assurance, media_common

Abstract

To meet growing demands in the United States market for cybersecurity professionals, the National Security Agency and Department of Homeland Security have jointly established the National Center for Academic Excellence. Until recently, cybersecurity efforts were focused on securing the network. However, numerous studies have revealed that significant vulnerabilities have been found within the software code. To teach programmers and software engineers having secure software engineering labs is critical. Experiential learning is the cornerstone of cybersecurity education. Laboratory exercises provide critical value to students. Real-world, malicious actors use varying tactics and techniques for cyber-attacks. Laboratory environments should mirror this dynamism, and students should be exposed to various tools and mitigation strategies.

Published

2019

16. Horst Feistel: the inventor of LUCIFER, the cryptographic algorithm that changed cryptology

Author

Alan G. Konheim

Subjects

Computer Networks and Communications, business.industry, Cryptography, 0102 computer and information sciences, 02 engineering and technology, Encryption, United States National Security Agency, 01 natural sciences, 020202 computer hardware & architecture, Public-key cryptography, Credit card, 010201 computation theory & mathematics, Secrecy, 0202 electrical engineering, electronic engineering, information engineering, Signals intelligence, IBM, business, Algorithm, Software

Abstract

This paper documents the early life of Horst Feistel, in particular, the events shaping his career. His creativity led to the development of today’s high-grade cryptographic algorithms. We describe Feistel’s successful escape from Nazi Germany, his university training in physics in Zurich and in Boston, and the career change to cryptography. Feistel became a Research Staff Member at the IBM Thomas J. Watson Research Center in Yorktown Heights, New York, in 1968. The cryptographic algorithm LUCIFER encrypts data to secure their contents. It embodies the ideas intrinsic in Feistel’s 1971 IBM patent. Claude Shannon’s 1949 prescription for achieving ideal secrecy was the basis for LUCIFER and its successors DES, 3DES and AES. DES authenticated transactions in the automated teller machine system developed by IBM as part of the Lloyds Bank Cashpoint System in England. Public key cryptography and advances in communication networks would provide a means to secure credit card transactions and lead to a lucrative environment for E-Commerce. The availability of high-grade encryption appears to have drastically limited the National Security Agency’s Signals Intelligence mission. The Department of Justice’s dispute with Apple’s iPhone is an attempt to restrict the commercial availability of high-grade encryption algorithms. It signals the struggle between privacy and national security.

Published

2018

17. Creating a Multifarious Cyber Science Major

Author

Jean R. S. Blair, C. M. Chewar, Rob Harrison, R. W. Blaine, James J. Raftery, and Edward Sobiesk

Subjects

Process (engineering), Computer science, business.industry, 05 social sciences, Cyber-physical system, 050301 education, 02 engineering and technology, Benchmarking, United States National Security Agency, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Curriculum development, Engineering ethics, Cyberspace, business, 0503 education, Curriculum, Discipline

Abstract

Existing approaches to computing-based cyber undergraduate majors typically take one of two forms: a broad exploration of both technical and human aspects, or a deep technical exploration of a single discipline relevant to cybersecurity. This paper describes the creation of a third approach--a multifarious major, consistent with Cybersecurity Curricula 2017, the ABET Cybersecurity Program Criteria, and the National Security Agency Center for Academic Excellence--Cyber Operations criteria. Our novel curriculum relies on a 10-course common foundation extended by one of five possible concentrations, each of which is delivered through a disciplinary lens and specialized into a highly relevant computing interest area serving society's diverse cyber needs. The journey began years ago when we infused cybersecurity education throughout our programs, seeking to keep offerings and extracurricular activities relevant in society's increasingly complex relationship with cyberspace. This paper details the overarching design principles, decision-making process, benchmarking, and feedback elicitation activities. A surprising key step was merging several curricula proposals into a single hybrid option. The new major attracted a strong initial cohort, meeting our enrollment goals and exceeding our diversity goals. We provide several recommendations for any institution embarking on a process of designing a new cyber-named major.

Published

2021

18. Mass surveillance: A study of past practices and technologies to predict future directions

Author

Hossein Saiedian and Ben Underwood

Subjects

Computer science, business.industry, Internet privacy, General Engineering, United States National Security Agency, business, Mobile device

Published

2021

19. An Account of the ISO/IEC Standardization of the Simon and Speck Block Cipher Families

Author

Tomer Ashur and Atul Luykx

Subjects

Lightweight cryptography, Standardization, Symmetric-key algorithm, business.industry, Computer science, Cryptography, business, United States National Security Agency, Computer security, computer.software_genre, computer, Block cipher

Abstract

Simon and Speck are two block cipher families published in 2013 by the US National Security Agency (NSA). These block ciphers, targeting lightweight applications, were suggested in 2015 to be included in ISO/IEC 29192-2 Information technology—Security techniques—Lightweight cryptography—Part 2: Block ciphers. Following 3.5 years of deliberations within ISO/IEC JTC 1 they were rejected in April 2018. This chapter provides an account of the ISO/IEC standardization process for Simon and Speck.

Published

2021

20. Designing an Internet-of-Things Laboratory to Improve Student Understanding of Secure Embedded Systems

Author

A. R. Rao, Nagasravani Recharla, and Kavita Mishra

Subjects

ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Engineering, Engineering management, ComputingMilieux_THECOMPUTINGPROFESSION, business.industry, Workforce, ComputingMilieux_COMPUTERSANDEDUCATION, Curriculum development, ComputingMilieux_LEGALASPECTSOFCOMPUTING, business, United States National Security Agency, Internet of Things

Abstract

In the U.S., the Department of Defense and the National Security Agency are taking steps to build cybersecurity capacity through workforce training and education. We describe the development of cybersecurity education courseware for internet-of-things (IoT) applications.

Published

2020

21. Intelligence and security

Author

Andrew Moran

Subjects

Work (electrical), business.industry, Political science, Espionage, Counterintelligence, Signals intelligence, Public relations, United States National Security Agency, business, Cyberspace, False accusation, Variety (cybernetics)

Abstract

Though, undoubtedly, the work of the intelligence community can be violent, and even involve death, it mostly involves painstaking research and the collection and analysis of information through a wide variety of means. Indeed, information is a key concept when considering intelligence, because, as Michael Warner notes, every bit of information that exists is not intelligence. It is what is done with the information which makes it intelligence. But even here, there are differing views of what is meant by intelligence. The National Security Agency collects signals intelligence from a variety of sites around the world. Since September 11, 2001, the Federal Bureau of Investigation has played an increasing role in counterintelligence and counterterrorism within the US. A common accusation made about Chinese intelligence is that it is engaged in espionage and cyberspace activities – which seem to be centred on scientific and technological targets, whether civil or military.

Published

2020

22. Mobility restrictions for the control of epidemics: When do they work?

Author

Baltazar Espinoza, Carlos Castillo-Chavez, and Charles Perrings

Subjects

0301 basic medicine, Viral Diseases, Epidemiology, International Cooperation, Declaration, 0302 clinical medicine, Residence Characteristics, Pandemic, Medicine and Health Sciences, 030212 general & internal medicine, Biological sciences, media_common, education.field_of_study, Travel, Multidisciplinary, Mortality rate, Infectious Disease Epidemiology, 3. Good health, Geography, Infectious Diseases, Work (electrical), Quarantine, Medicine, Coronavirus Infections, Research Article, Infectious Disease Control, Death Rates, media_common.quotation_subject, Secondary infection, Science, Control (management), Population, Pneumonia, Viral, Models, Biological, 03 medical and health sciences, Betacoronavirus, Population Metrics, Development economics, Humans, Disease Dynamics, education, Quantitative Biology - Populations and Evolution, Pandemics, Population Density, SARS, Population Biology, business.industry, SARS-CoV-2, Populations and Evolution (q-bio.PE), Biology and Life Sciences, COVID-19, United States National Security Agency, 030104 developmental biology, Infectious disease (medical specialty), Unemployment, FOS: Biological sciences, Business, 030217 neurology & neurosurgery

Abstract

Background: Mobility restrictions - trade and travel bans, border closures and, in extreme cases, area quarantines or cordons sanitaires- are among the most widely used measures to control infectious diseases. Restrictions of this kind were important in the response to epidemics of SARS (2003), H1N1 influenza (2009), and Ebola (2014). However, they do not always work as expected. Methods: To determine when mobility restrictions reduce the size of an epidemic, we use a model of disease transmission within and between economically heterogeneous locally connected communities. One community comprises a lowrisk, low-density population with access to effective medical resources. The other comprises a high-risk, high-density population without access to effective medical resources. Findings: Unrestricted mobility between the two risk communities increases the number of secondary cases in the low-risk community but reduces the overall epidemic size. By contrast, the imposition of a cordon sanitaire around the highrisk community reduces the number of secondary infections in the low-risk community but increases the overall epidemic size. Interpretation: Mobility restrictions may not be an eective policy for controlling the spread of an infectious disease if it is assessed by the overall final epidemic size. Patterns of mobility established through the independent mobility and trade decisions of people in both communities may be sucient to contain epidemics. Funding Statement: Baltazar Espinoza and Carlos Castillo-Chavez were funded by the National Security Agency (NSA Grant H98230-J8-1-0005) and by Data Science Initiative at Brown. Charles Perrings was funded by NSF grant 1414374, and by UK Biotechnology and Biological Sciences Research Council grant BB/M008894/1. Declaration of Interests: All authors declare no conflicts of interest.

Published

2020

23. Commercial Solutions for Classified (CSfC): Harnessing the Power of Industry

Author

Jeff Watkins

Subjects

National security, business.industry, Target audience, ComputingMilieux_LEGALASPECTSOFCOMPUTING, United States National Security Agency, Computer security, computer.software_genre, Encryption, Classified information, Information sensitivity, Data access, Global network, business, computer

Abstract

CEOs of Fortune 500 companies, CIOs of federal/state/local agencies, and average citizens are all concerned about protecting their important information. The National Security Agency protects the nation’s most critical National Security Systems (NSS) and information against cyber-attacks by hardening and defending the cyber infrastructure. Every classified bit of U.S. information traveling across the global infrastructure is protected and encrypted by devices that NSA either certifies, designs, keys or approved for use.Technological advances have given data owners greater flexibility in accomplishing their business and missions; however, these advances come with a price because every connected device on interconnected global networks now becomes a potential access point for cyber adversaries. The hard truth is despite the fact the U.S. is stronger defensively than it has ever been the number of cyber threats facing the nation have never been greater.National Security System users require secure access to data anytime/anywhere in order to make timely mission decisions. NSA must be agile and flexible in order to meet the demand signals for rapid deployments of robust cybersecurity encryption solutions. The Agency has a long, proud history of designing/building/testing/fielding/supporting proprietary Government-Off-The-Shelf encryption solutions. It also has a history of strong public-private partnerships with commercial industry. Because of these enduring partnerships, NSA has been able to expand its suite of cybersecurity encryption solutions to include, where appropriate, the use of commercial products and technologies to protect classified National Security System information.Commercial Solutions for Classified (CSfC) is how NSA is executing its commercial cybersecurity encryption strategy whereby commercial products are architected together in precise ways to protect classified information. CSfC is founded on the principle that properly configured layered solutions can provide sufficient protection of classified data in a variety of different applications.The oral presentation will highlight CSfC’s many activities while also serving as a foundational introduction for those unfamiliar with the initiative. The target audience is everyone interested in learning how they can better protect their sensitive information. Below are the major topics covered during the oral presentation

Published

2020

24. The Role of Industry Partnerships and Collaborations in Information Technology Education

Author

Kenneth Williams, Noman Hayes, Maureen Bertocci, Raed Sbeit, and Ping Wang

Subjects

ComputingMilieux_THECOMPUTINGPROFESSION, Higher education, business.industry, media_common.quotation_subject, Homeland security, Information technology, Public relations, United States National Security Agency, Excellence, Internship, Workforce, Business, Apprenticeship, media_common

Abstract

Information technology education is in high demand, including a significant and fast-growing workforce shortage of and demand for well trained and qualified cybersecurity professionals. Postsecondary education institutions are expected to play a key role in relieving the shortage and meeting the workforce demand. The information technology and cybersecurity industry and professional task areas need comprehensive academic, technical and professional competencies and knowledge, skills and abilities (KSAs) that may not be adequately addressed by the traditional college classroom activities. This study proposes close collaborations and partnerships between information technology (IT) education providers, programs and industry organizations to improve cyber defense education and serve the needs of the industry. There could be various types of collaborations between the industry and education providers, and this research proposes a taxonomy of activities for collaborations. The proposition in this study is based on an established cybersecurity industry competency model with multiple tiers of competencies expected for the cybersecurity workforce. This research study uses sample case discussions of industry collaborations and partnerships at a selected cyber defense education program from a National Center of Academic Excellence in Cyber Defense Education (CAE-CDE) designated by the United States National Security Agency and Department of Homeland Security. Experienced IT and cybersecurity industry professionals and educators participate in this study and share their experiences and insights on the benefits, challenges and strategies for establishing and maintaining partnerships and collaborations between higher education and cybersecurity industry organizations.

Published

2020

25. From cold to cyber warriors: the origins and expansion of NSA’s Tailored Access Operations (TAO) to Shadow Brokers

Author

Steven Loleski

Subjects

021110 strategic, defence & security studies, History, Organizational innovation, ComputingMilieux_THECOMPUTINGPROFESSION, business.industry, 05 social sciences, 0211 other engineering and technologies, 02 engineering and technology, United States National Security Agency, Computer security, computer.software_genre, 0506 political science, Political science, Political Science and International Relations, 050602 political science & public administration, Key (cryptography), business, computer, Shadow (psychology), Hacker

Abstract

How did the National Security Agency (NSA) adopt the practice of hacking? This paper explores how NSA confronted the digital age by focusing on arguably NSA’s key organizational innovation as a mic...

Published

2018

26. Examples of Mimic Defense Application

Author

Jiangxing Wu

Subjects

Router, business.industry, Computer science, Network packet, Node (networking), ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, The Internet, business, United States National Security Agency, Cyberspace, Heterogeneous network, Data access layer, Computer network

Abstract

As the hub node of the Internet facility, the router decides on the packets forwarding path through network calculation to achieve end-to-end data transmission. It is a basic element of cyberspace; covers the core layer, convergence layer, and access layer of the entire network; and connects multiple heterogeneous networks. Therefore, its service reliability and credibility are crucial for cyberspace security. However, the current router security is not optimistic at all. Snowden revealed that “the US National Security Agency is monitoring Chinese networks and hosts through Cisco routers” [1]. The National Computer Network Emergency Response Technical Team/Coordination Center of China (known as CNCERT or CNCERT/CC) analyzed the routers of mainstream vendors, like Cisco, Linksys, NETGEAR, Tenda, and D-Link, confirming the existence of preset backdoors in their products. The investigation shows severe security problems with the routers.

Published

2019

27. Immersive Collaboration on Data Science for Intelligence Analysis

Author

Alyson Wilson, Lara Schmidt, Brent Winter, and Matthew Schmidt

Subjects

Engineering, Government, business.industry, Intelligence analysis, media_common.quotation_subject, Big data, Principal (computer security), Public relations, United States National Security Agency, Corporation, State (polity), Aerospace, business, media_common

Abstract

In 2013, the National Security Agency (NSA) founded the Laboratory for Analytic Sciences (LAS) at North Carolina State University (NCSU) to help the Intelligence Community (IC) address the growing complexity of big data challenges. The goal of LAS is to partner experts and practitioners from academia, government, and industry to create tools and techniques that help intelligence analysts provide better information to the decision makers who need it. This interview of Alyson Wilson, the principal investigator of LAS from NCSU, and Matthew Schmidt, the LAS technical director from NCSU, is conducted by Lara Schmidt, the principal director for Strategic and Global Awareness at the Aerospace Corporation, and Brent Winter from University Relations at NCSU. It provides an overview of the LAS collaboration model and describes projects conducted at LAS.Keywords: anticipatory thinking, collaboration, innovation, intelligence community, structured analytic techniques

Published

2019

28. Misapplied metaphors in AI policy

Author

Shane Greenstein

Subjects

Government, business.industry, Computer science, Champion, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Subsidy, Public administration, United States National Security Agency, GeneralLiterature_MISCELLANEOUS, Frontier, Hardware and Architecture, National champions, Cold war, Electrical and Electronic Engineering, business, Software

Abstract

Unlike the Chinese government, the U.S. government does not directly subsidize any technology company outside the military, nor does it compel banks to lend to specific firms at favorable rates, nor will it ever speed the permits of national champions, and, frankly, it usually avoids designating a champion. Outside the activities at the National Security Agency (NSA), the U.S. government also cannot suspend privacy laws in order to nurture technology development (not legally). To summarize, the U.S. government rarely has intervened directly in technical industries except during wartime, or except when the panic of war seems closer, as with the Cold War. Private funding swamps government funding, and therein lies a crucial feature of the North American setting. The top five U.S. states in the U.S. contained over $2.5 billion of AI VC funding in 2018. Though the data are not public, the private funding for internal projects from Google, Amazon, Microsoft, and Facebook surely equal the VC funding. While nobody in the Valley likes to think Wall Street and insurance firms lead the way in AI software, add them too. These firms have always led the development of frontier software.

Published

2019

29. An Interview with Snowden’s Lawyer: Robert Tibbo on Whistleblowing, Mass Surveillance and Human Rights Activism

Author

Iain Munro

Subjects

Government, Human rights, business.industry, Strategy and Management, media_common.quotation_subject, 05 social sciences, United States National Security Agency, General Business, Management and Accounting, Transparency (behavior), Critical management studies, 0506 political science, Power (social and political), Politics, Management of Technology and Innovation, Political science, Law, 0502 economics and business, 050602 political science & public administration, Political apathy, business, 050203 business & management, media_common

Abstract

Robert Tibbo is a prominent human rights lawyer and activist and is the defence lawyer of the National Security Agency whistleblower Edward Snowden. This interview may be of particular interest to researchers in the field of critical management studies regarding its discussion of (1) the close relationship between whistleblowing and human rights activism, (2) the use of new systems of global mass surveillance to target activists and journalists, (3) the use of secrecy by government organisations to avoid democratic accountability in cases of human rights violations and (4) the effect of mass surveillance on freedom of expression and problems relating to increased self-censorship and political apathy. This interview with Robert Tibbo provides a helpful introductory discussion of whistleblowing and human rights activism from a key figure who has had first-hand experience in this key area of social and political struggle.

Published

2017

30. Big Data, intelligence, and analyst privacy: investigating information dissemination at an NSA-funded research lab

Author

Kathleen M. Vogel and Maureen H. Swanson

Subjects

History, Intelligence analysis, business.industry, Best practice, Internet privacy, Big data, Information Dissemination, 02 engineering and technology, United States National Security Agency, Work (electrical), 020204 information systems, Political Science and International Relations, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Business, Privacy principles

Abstract

The Laboratory for Analytic Sciences (LAS) at North Carolina State University, funded by the National Security Agency, is a collaborative, long-term research enterprise focused on improving intelligence analysis using Big Data. In its work, LAS has recently begun dealing with the trade-off between the collection, storage, and use of large unclassified data-sets and analyst privacy. We discuss particular privacy challenges at LAS, analyze privacy principles in the life cycle of LAS unclassified data-sets, what intelligence analysts themselves think about these privacy concerns, and recommend possible best practices potentially applicable to LAS, as well as future Big Data laboratories and research centers that collaborate with intelligence communities.

Published

2017

31. High-throughput configurable SIMON architecture for flexible security

Author

Mohammad Hassani Sadi, Saeideh Sheikhpour, and Ali Mahani

Subjects

010302 applied physics, Hardware architecture, Computer science, business.industry, 020208 electrical & electronic engineering, General Engineering, 02 engineering and technology, Fault (power engineering), United States National Security Agency, 01 natural sciences, Application-specific integrated circuit, Computer architecture, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Architecture, Field-programmable gate array, business, Throughput (business)

Abstract

As the Internet of Things applications become mission-critical and their data more valuable, it becomes more and more essential to paramount their security. The security can be improved by using emerging light-weight ciphers. SIMON is a relatively recent family of light-weight ciphers which is proposed by the National Security Agency optimized for hardware platforms. In this paper, we propose an optimized hardware architecture for SIMON for high-throughput resource-constrained applications with multiple levels of security. Moreover, a configurable architecture with different operating modes is introduced for utilizing in applications requiring higher resistance to fault and power attacks. This architecture also supports an ultra-high-throughput mode for different key sizes. Implementation results of the proposed architectures on both ASIC and FPGA are reported. The comparison results show that our proposals outperform similar architectures in terms of some design metrics, e.g. throughput, which make it suitable for IoT applications. Finally, we implement practically our architecture on the Digilent-ZYBO board and report the experimental results.

Published

2021

32. The Importance of Organizational Innovation and Adaptation in Building Academic–Industry–Intelligence Collaboration: Observations from the Laboratory for Analytic Sciences

Author

Jessica Katz Jameson, Beverly B. Tyler, Brian Evans, Hector Rendon, Sharon Joines, and Kathleen M. Vogel

Subjects

Information Systems and Management, Organizational innovation, Knowledge management, Operationalization, Sociology and Political Science, business.industry, 05 social sciences, 050905 science studies, United States National Security Agency, 050601 international relations, 0506 political science, Political science, Political Science and International Relations, 0509 other social sciences, business, Adaptation (computer science)

Abstract

This article discusses the establishment and development of the Laboratory for Analytic Sciences (LAS), a unique site of academic–industry–intelligence collaboration, established in 2013 by the National Security Agency (NSA) and located on the campus of North Carolina State University. Since 2014, the authors have been participant-observers of LAS research teams. This article describes how inter-institutional, interdisciplinary collaboration has developed at LAS, drawing on multi-year data involving observations, surveys, and interviews that the authors have collected. LAS provides an opportunity to study the operationalization of an academic–intelligence collaboration and gather lessons learned in order to inform future collaborative efforts by the U.S. intelligence community. What this article reveals is the importance of organizational innovation and adaptation in light of various challenges that emerge in inter-institutional and interdisciplinary collaboration.

Published

2017

33. New integral attacks on SIMON

Author

Meiqin Wang, Kai Fu, and Ling Sun

Subjects

Property (philosophy), Degree (graph theory), Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, United States National Security Agency, Algebra, Linear cryptanalysis, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Differential (infinitesimal), business, Boolean function, Software, Information Systems, Block cipher

Abstract

SIMON is a family of lightweight block ciphers publicly released by National Security Agency (NSA). Up to now, there have been many cryptanalytic results on it by means of impossible differential, integral, zero-correlation linear cryptanalysis and so forth. In this study, the authors analyse the characteristic of the Boolean functions of SIMON32 and find that the presentation of zero-sum property is influenced by the degree of the corresponding Boolean function. As a result, the zero-sum integral distinguisher for 14-round SIMON32 is identified which is same to the one given by Wang et.al. Inspired by this finding, they also experimentally find the zero-sum integral distinguisher for 16-round SIMON48. Then, the integral attacks on 22-round SIMON32, 22-round SIMON48/72 and 23-round SIMON48/96 are given. They improve the previous integral attack on SIMON32 from 21-round to 22-round, and the first integral attack on SIMON48 is proposed.

Published

2017

34. Security Glitches

Author

Rebecca A. Adelman

Subjects

Economics and Econometrics, Sociology and Political Science, 0507 social and economic geography, Identity (social science), 050801 communication & media studies, Mistake, Computer security, computer.software_genre, Power (social and political), Politics, 0508 media and communications, Political science, Fantasy, business.industry, 05 social sciences, United States National Security Agency, Human-Computer Interaction, Philosophy, Anthropology, Camouflage, Liberian dollar, business, 050703 geography, computer, Social psychology, Social Sciences (miscellaneous)

Abstract

Focusing on the paradoxes revealed in the multibillion dollar mistake of the Universal Camouflage Pattern (UCP) and the expansive ambit of a leaked National Security Agency briefing on its approach to “identity intelligence,” this article analyzes security glitches arising from the state’s application of mechanized logics to security and visibility. Presuming that a digital-looking pattern would be more deceptive than designs inspired by natural forms, in 2004, the US Army adopted a pixelated “digital” camouflage pattern, a print that rendered soldiers more, rather than less, visible in the field; it acknowledged this error in 2012. Two years later, “Identity Intelligence: Image Is Everything” visualized the episteme of National Security Agency surveillance with an illustration detailing hundreds of different types of data—biometric, biographic, and contextual—that the agency believes it could exploit to identify and monitor “targets of interest.” These glitches originate in technofetishistic convictions about the nature of digital images and information, limited ways of imagining bodies and lives, and reductive understandings of complex relationships between power and perception. Together, they expose the paradoxes that arise as the state tries to extend its power over the body and the contingency of that power on the smallest of things.

Published

2017

35. Surveillance, Authoritarianism and ‘Imperial Effects’ in Pakistan

Author

Mahvish Ahmad and Rabia Mehmood

Subjects

business.industry, Authoritarianism, Military aid, DS Asia, United States National Security Agency, Drone, Urban Studies, Politics, Brexit, Political economy, Law, Political science, JZ International relations, U Military Science, business, Safety Research, Eurocentrism, Expansive

Abstract

To speak of ‘Surveillance and the Global Turn to Authoritarianism’ presupposes a moment with little connection to that which has gone before, or places outside of North America and Europe. While Trump and Brexit inaugurate a consequential shift, even rupture, in the political terrain, we must not lose sight of places and peoples where American Wars – with European support – were overtly and covertly waged in the decades preceding this ‘global turn’, nor the fate of these places today. We argue that the sustained transfer of sophisticated surveillance technologies, as part and parcel of both direct military assault and more expansive support for security states, has had lasting imperial effects outside imperial centres that reverberate today. We take our point of departure in Pakistan – the site of hundreds of drone bombardments under Obama, one of the top recipients of US military aid, and the largest known recipient of funding from the National Security Agency (NSA) – to argue that ’global turns’ must not forget the rest of the world, and Surveillance Studies may have far to go before it fully addresses its Eurocentrism.

Published

2017

36. Online Surveillance’s Effect on Support for Other Extraordinary Measures to Prevent Terrorism

Author

Elizabeth Stoycheff, Juan Liu, Kai Xu, and Kunto Adi Wibowo

Subjects

Online and offline, Government, business.industry, Communication, media_common.quotation_subject, 05 social sciences, 050801 communication & media studies, Public relations, Slippery slope, Civil liberties, United States National Security Agency, 0506 political science, 0508 media and communications, Foreign policy, Law, Perception, Terrorism, 050602 political science & public administration, Psychology, business, media_common

Abstract

The U.S. National Security Agency argues that online mass surveillance has played a pivotal role in preventing acts of terrorism on U.S. soil since 9/11. But journalists and academics have decried the practice, arguing that the implementation of such extraordinary provisions may lead to a slippery slope. As the first study to investigate empirically the relationship between online surveillance and support for other extraordinary measures to prevent terrorism, we find that perceptions of government monitoring lead to increased support for hawkish foreign policy through value-conflict associations in memory that prompt a suppression of others’ online and offline civil liberties, including rights to free speech and a fair trial. Implications for the privacy–security debate are discussed.

Published

2017

37. Terror and technology: domestic intelligence collection and the gossamer of enhanced security

Author

Richard J. Kilroy

Subjects

Patriot Act, business.industry, media_common.quotation_subject, 05 social sciences, United States National Security Agency, 050601 international relations, Democracy, 0506 political science, Metadata, Foreign Intelligence Surveillance Act, Phone, Law, Political Science and International Relations, Terrorism, 050501 criminology, Intelligence cycle security, Sociology, business, 0505 law, media_common

Abstract

The Paris (2015) and Brussels (2016) terrorist attacks reignited the debate over security vs. liberty in the fight against terrorism in democratic societies. In the United States, the controversy began again in 2012, as a result of revelations coming from Edward Snowden about the National Security Agency’s (NSA) domestic and foreign intelligence collection programs. The collection of telephony metadata by the NSA raised the issue about the legal provisions of section 215 of the USA Patriot Act, and section 702 of the Foreign Intelligence Surveillance Act, concerning the collection of phone records of U.S. citizens. The USA Freedom Act was meant to address some of these concerns over the use of technology domestically in the fight against terrorism, but does it? This article argues that the use of advanced technologies in domestic intelligence and information collection by intelligence agencies does not significantly enhance security and prevent the possibility of terrorist attacks, as much as good...

Published

2017

38. William Friedman, Geneticist Turned Cryptographer

Author

Irwin L. Goldman

Subjects

0301 basic medicine, Genetics, Cryptogram, business.industry, Polymath, World War II, Geneticist, History, 20th Century, Biology, United States National Security Agency, 03 medical and health sciences, 030104 developmental biology, 0302 clinical medicine, Cipher, Humans, Signals intelligence, 030212 general & internal medicine, Plant geneticist, business, Classics, Perspectives

Abstract

William Friedman was a geneticist working at Riverbank Laboratories in Illinois. Soon after starting, he became intrigued by one of the lab’s... William Friedman (1891–1969), trained as a plant geneticist at Cornell University, was employed at Riverbank Laboratories by the eccentric millionaire George Fabyan to work on wheat breeding. Friedman, however, soon became intrigued by and started working on a pet project of Fabyan’s involving the conjecture that Francis Bacon, a polymath known for the study of ciphers, was the real author of Shakespeare’s plays. Thus, beginning in ∼1916, Friedman turned his attention to the so called “Baconian cipher,” and developed decryption techniques that bore similarity to approaches for solving problems in population genetics. His most significant, indeed pathbreaking, work used ideas from genetics and statistics, focusing on analysis of the frequencies of letters in language use. Although he had transitioned from being a geneticist to a cryptographer, his earlier work had resonance in his later pursuits. He soon began working directly for the United States government and produced solutions used to solve complex military ciphers, in particular to break the Japanese Purple code during World War II. Another important legacy of his work was the establishment of the Signal Intelligence Service and eventually the National Security Agency.

Published

2017

39. Edward Snowden, Frenemy of the State

Author

Tarzie

Subjects

Economics and Econometrics, Sociology and Political Science, Patriot Act, business.industry, media_common.quotation_subject, 05 social sciences, Spectacle, Adversary, United States National Security Agency, State (polity), Nothing, Law, 0502 economics and business, Credibility, Mainstream, 050211 marketing, Sociology, business, 050203 business & management, media_common

Abstract

The Edward Snowden whistleblowing event is a calculated spectacle of pseudo-dissidence that has more in common with Hollywood-produced propaganda than with genuine whistleblowing. This article presents evidence that Snowden has lied on a number of occasions, calling his credibility into question. Nothing that Snowden has revealed was truly a secret, since several previous whistleblowers had reported, since 2002, about illegal mass surveillance of American citizens by the National Security Agency. Snowden's most striking difference from other NSA whistleblowers is the warm embrace from mainstream media, which has made him a celebrity. The 1998 theatrical film Enemy of the State contained the same sorts of revelations offered by Snowden, and imparts a number of messages to its audience about the security state that are strikingly similar to recurring messages in the Snowden Affair. Since that movie was made with assistance from the CIA these similarities are important to considering how authentic and socially useful his whistleblowing is. It seems evident from Snowden's support for the renewal of the Patriot Act (now the Freedom Act), that he objectively serves the interests of the surveillance state, rather than the public it spies upon.

Published

2017

40. Metadata Laws, Journalism and Resistance in Australia

Author

Benedetta Brevini

Subjects

Widerstand, Privatsphäre, Communication studies, Observation, ComputingMilieux_LEGALASPECTSOFCOMPUTING, act, digitalization, ddc:070, lcsh:Communication. Mass media, 0508 media and communications, Secrecy, Gesetz, digital resistance, Medienrecht, Communication, 05 social sciences, Australien, Daten, lcsh:P87-96, Snowden, E, data, 050903 gender studies, Accountability, impact, surveillance, Technical Journalism, Datensicherheit, Digitalisierung, National security, 050801 communication & media studies, journalism, Media Politics, Information Politics, Media Law, privacy, Medienpolitik, Informationspolitik, Medienrecht, media law, media policy, resistance, journalists, Journalismus, Political science, data security, News media, journalism, publishing, business.industry, metadata, Australia, United States National Security Agency, Medienpolitik, Metadata, Law, Auswirkung, Journalism, Publizistische Medien, Journalismus,Verlagswesen, 0509 other social sciences, business

Abstract

The intelligence leaks from Edward Snowden in 2013 unveiled the sophistication and extent of data collection by the United States’ National Security Agency and major global digital firms prompting domestic and international debates about the balance between security and privacy, openness and enclosure, accountability and secrecy. It is difficult not to see a clear connection with the Snowden leaks in the sharp acceleration of new national security legislations in Australia, a long term member of the Five Eyes Alliance. In October 2015, the Australian federal government passed controversial laws that require telecommunications companies to retain the metadata of their customers for a period of two years. The new acts pose serious threats for the profession of journalism as they enable government agencies to easily identify and pursue journalists’ sources. Bulk data collections of this type of information deter future whistleblowers from approaching journalists, making the performance of the latter’s democratic role a challenge. After situating this debate within the scholarly literature at the intersection between surveillance studies and communication studies, this article discusses the political context in which journalists are operating and working in Australia; assesses how metadata laws have affected journalism practices and addresses the possibility for resistance.

Published

2017

41. An Architecture for Agile Systems Engineering of Secure Commercial Off-the-Shelf Mobile Communications

Author

Shahram Sarkani, Thomas A. Mazzuchi, and Jamieson Gump

Subjects

Government, Engineering, Computer Networks and Communications, business.industry, 05 social sciences, 020207 software engineering, 02 engineering and technology, United States National Security Agency, Computer security, computer.software_genre, Encryption, Hardware and Architecture, 0502 economics and business, 0202 electrical engineering, electronic engineering, information engineering, Systems engineering, Mobile technology, Mobile telephony, Architecture, business, Telecommunications, Commercial off-the-shelf, computer, 050203 business & management, Agile software development

Abstract

The federal government has long had a need for highly secure communications. The National Security Agency NSA is responsible for the wide range of technologies to secure these communications. They realized, recently, that the development times for government encryption technology was not keeping pace with the rapid evolution of commercial mobile technologies; together with a realization that commercial technologies exist to meet the requirements for the federal government. Specifically, NSA has published specifications on their website to operationalize these capabilities. Commercial Solutions for Classified CSfC, the NSA term for commercial off-the-shelf COTS secure communications, coupled with published capability packages allows a developer to field a secure communications solution rapidly built entirely on COTS technology. The architecture, proposed in this paper, will address the rapidly evolving commercial mobile security market and will address fully leveraging commercial technologies to field the latest technologies in the shortest amount of time and at the lowest cost. With the NSA move to commercial technologies and the commercial market moving to enhanced security for "standard commercial users," there is an emerging convergence of these two approaches. The initial work has revealed effective architectural constructs to support the wide range of emerging applications of this promising approach from NSA.

Published

2017

42. The spy in Moscow station: a counterspy’s hunt for a deadly cold war threat

Author

Ryan Shaffer

Subjects

History, business.industry, Political science, Political Science and International Relations, Cold war, Art history, United States National Security Agency, business

Abstract

The Spy in Moscow Station describes the National Security Agency (NSA) investigation into the bugging of United States Embassy in Moscow starting in 1978 to Project GUNMAN that revealed sophisticat...

Published

2020

43. Beyond interactivity: critical/cultural surveillance scholarship, 10 years after Andrejevic

Author

Rebecca M. Rice

Subjects

business.industry, Communication, 05 social sciences, 0211 other engineering and technologies, 0507 social and economic geography, Media studies, 021107 urban & regional planning, Resistance (psychoanalysis), 02 engineering and technology, United States National Security Agency, Scholarship, Interactivity, Cultural studies, Agency (sociology), Terrorism, Sociology, business, 050703 geography, Biopower

Abstract

Mark Andrejevic’s iSpy: Surveillance and Power in the Interactive Era identified the potential for critical/cultural studies to examine advances in surveillance technologies by considering their relationship with cultures and discourses. Almost 10 years after iSpy, critical/cultural projects have expanded Andrejevic’s vision to account for new surveillance innovations (e.g. biometric technology and body scanners), new cultural contexts (e.g. of terrorist threat conception), and new moments of resistance (e.g. the recent revelation of National Security Agency monitoring). I review here five of these projects, published between 2010 and 2015, and summarize current conversations in critical/cultural surveillance studies as they implicate ongoing communication theory and research. These projects demonstrate that Andrejevic’s formative vision of surveillance as control of consumer agency illuminates evolving control in other arenas. This control subjects certain people to more surveillance and less sec...

Published

2016

44. A 'Massive and Unprecedented Intrusion'

Author

Courtney N. Johnson

Subjects

050502 law, Government, business.industry, Communication, 05 social sciences, 050801 communication & media studies, United States National Security Agency, Economic Justice, Intrusion, 0508 media and communications, Phone, Law, Sociology, business, Legitimacy, 0505 law

Abstract

In May 13, 2013, the Associated Press announced that the United States Department of Justice had secretly subpoenaed phone records from Associated Press phone lines over a two-month period in early 2012. A few days later, on May 17, the Washington Post revealed that the Department of Justice had also been tracking the activities of Fox News’ chief Washington correspondent, James Rosen. These two stories caused large scandals in the United States, and the majority of American journalists denounced the surveillance. As these scandals were still unfolding, yet another government surveillance scandal broke: former National Security Agency contractor Edward Snowden revealed that the federal government had been collecting the cell phone metadata of American citizens for several years. Journalists’ responses to this scandal were more nuanced; editorials expressed a wider spectrum of views about the ethics of government surveillance practices, and more complex opinions about the legitimacy and necessity of govern...

Published

2016

45. Review of Working on the Dark Side of the Moon: Life Inside the National Security Agency by Thomas Reed Willemain

Author

Chris Christensen

Subjects

021110 strategic, defence & security studies, Engineering, business.industry, Applied Mathematics, 05 social sciences, 0211 other engineering and technologies, 02 engineering and technology, Far side of the Moon, United States National Security Agency, 050601 international relations, 0506 political science, Computer Science Applications, Management, business, Statistician

Abstract

Thomas Reed Willemain, the author of Working on the Dark Side of the Moon, describes himself as an electrical engineer turned applied statistician and software entrepreneur (Willemain 2017, Dark Si...

Published

2018

46. Commercial National Security Algorithm (CNSA) Suite Certificate and Certificate Revocation List (CRL) Profile

Author

Lydia Zieglar and Michael Jenkins

Subjects

ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Revocation list, National security, Computer science, business.industry, Suite, NIST, Public key infrastructure, The Internet, business, United States National Security Agency, Certificate, Algorithm

Abstract

This document specifies a base profile for X.509 v3 Certificates and X.509 v2 Certificate Revocation Lists (CRLs) for use with the United States National Security Agency's Commercial National Security Algorithm (CNSA) Suite. The reader is assumed to have familiarity with RFC 5280, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile". The profile applies to the capabilities, configuration, and operation of all components of US National Security Systems that employ such X.509 certificates. US National Security Systems are described in NIST Special Publication 800-59. It is also appropriate for all other US Government systems that process high-value information. It is made publicly available for use by developers and operators of these and any other system deployments.

Published

2019

47. Chapter 9 Government Surveillance, National Security, and the American Rights: Using Sentiment Analysis to Extract Citizen Opinions

Author

Lily Popova Zhuhadar and Mark Ciampa

Subjects

Panel survey, Government, National security, Phone, business.industry, Political science, Agency (sociology), Sentiment analysis, Context (language use), Public relations, business, United States National Security Agency

Abstract

After the ex-National Security Agency contractor Edward Snowden1 disclosures of the National Security Agency surveillance of Americans’ online and phone communications, the Pew Research Center2 administrated a panel survey to collect data concerning Americans’ opinions about privacy and security. This survey has mixed types of qualitative questions (closed and open-ended). In this context, to our knowledge, until today, no research has been applied on the open-ended part of these data. In this chapter, first the authors present their findings from applying sentiment analysis and topic extraction methods; second, the authors demonstrate their analysis to sentiments polarities; and finally, the authors interpret the semantic relationships between topics and their associated negativity, positivity, and neutral sentiments.

Published

2019

48. Academic Cybersecurity Disciplinary Foundations and Accreditation

Author

Allen Parrish, Rajendra K. Raj, and Lawrence G. Jones

Subjects

ComputingMilieux_THECOMPUTINGPROFESSION, Scope (project management), business.industry, Computer science, Process (engineering), media_common.quotation_subject, Homeland security, ComputingMilieux_LEGALASPECTSOFCOMPUTING, United States National Security Agency, Computer security, computer.software_genre, Session (web analytics), Excellence, business, Discipline, computer, Accreditation, media_common

Abstract

This session is designed to attract participants with an interest in post-secondary academic cybersecurity programs. Despite the extraordinary interest in cybersecurity due to the job market, relatively little consensus exists on how to design academic programs. Divergence on issues such as degree title, program objectives and outcomes, program scope, whether only one distinct discipline of cybersecurity exists or several, whether a separate academic unit is needed to offer such degrees, and what role other (non-computing) disciplines should play in cybersecurity programs. Prior efforts in defining cybersecurity at the collegiate level include the US Department of Homeland Security and the US National Security Agency's Centers for Academic Excellence (CAE) programs, NIST's National Initiative for Cybersecurity Education (NICE), the Cyber Education Project, the Joint Task Force's CSEC 2017 draft curricular guidelines, and ABET accreditation criteria for cybersecurity programs. The audience is expected to consist of college faculty and administrators who are either in the process of starting cybersecurity programs or are seeking guidance for developing security content for other computing programs that must now teach security. This session will allow participants to share ideas regarding how to develop and teach cybersecurity in four-year, post-secondary academic programs.

Published

2019

49. No Oversight, No Limits, No Worries: A Primer on Presidential Spying and Executive Order 12,333

Author

Mark M. Jaycox

Subjects

Presidential system, business.industry, Internet privacy, Accountability, Espionage, Signals intelligence, Legislature, business, United States National Security Agency, Transparency (behavior), Hacker

Abstract

Executive Order 12,333 ("EO 12333") is a 1980s Executive Order signed by President Ronald Reagan that, among other things, establishes an overarching policy framework for the Executive Branch's spying powers. Although electronic surveillance programs authorized by EO 12333 generally target foreign intelligence from foreign targets, its permissive targeting standards allow for the substantial collection of Americans' communications containing little to no foreign intelligence value. This fact alone necessitates closer inspection. This working draft conducts such an inspection by collecting and coalescing the various declassifications, disclosures, legislative investigations, and news reports concerning EO 12333 electronic surveillance programs in order to provide a better understanding of how the Executive Branch implements the order and the electronic surveillance programs it authorizes. The Article pays particular attention to EO 12333's designation of the National Security Agency as primarily responsible for conducting signals intelligence, which includes the installation of malware, the analysis of internet traffic traversing the telecommunications backbone, the hacking of U.S.-based companies like Yahoo and Google, and the analysis of Americans’ communications, contact lists, text messages, geolocation data, and other information. After exploring the electronic surveillance programs authorized by EO 12333, this Article proposes reforms to the existing policy framework, including narrowing the aperture of authorized surveillance, increasing privacy standards for the retention of data, and requiring greater transparency and accountability.

Published

2019

50. Power Analysis and Protection on SPECK and Its Application in IoT

Author

Ning Shang, Xin Liu, Guoshuang Zhang, Liehuang Zhu, An Wang, and Jing Ge

Subjects

Computer science, business.industry, Modulo, 02 engineering and technology, Computer security, computer.software_genre, United States National Security Agency, 020202 computer hardware & architecture, Power analysis, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Code (cryptography), 020201 artificial intelligence & image processing, Side channel attack, business, computer, Countermeasure (computer), Block cipher

Abstract

Emerging applications such as the Internet of Things (IoT) promotes the development of lightweight cryptography. SPECK is a lightweight block cipher, specially designed for limited resource devices that was presented by National Security Agency. Nevertheless, before using SPECK in any practical application, protection against side-channel attacks must be paid attention to. In this paper, we take two attack positions into account and make effort to implement correlation power analysis on a naive software implementation of SPECK algorithm in the IoT application scenario. Our experimental results show that the real key fixed in the register can be successfully recovered when attack the XOR operations, while there is always an interference item that confuses the correct key when attack the modulo addition operation. Furthermore, we proposal a countermeasure against power attacks in the IoT application, and the protected SPECK only cost 53.01%, 6.27% and 318.18% of extra code, RAM and time, respectively.

Published

2019