Interesting People mailing list archives
IP: NSA/ARPA/DISA joint research office Memo of Agreement
From: Dave Farber <farber () central cis upenn edu>
Date: Thu, 01 Aug 1996 04:59:56 -0400
To: cypherpunks () toad com<br> Date: Thu, 01 Aug 1996 01:57:54 -0700<br> From: John Gilmore <gnu () toad com><br> [I found this at the ARPA web site while looking up the programs there that are trying to deploy crypto in the Internet. You can read it as plain text, the HTML crud peters out after the first page. If you look at it on the web, they have reproduced the signatures from the signature page in a GIF file. -- John] <BASE HREF="http://www.ito.darpa.mil/ResearchAreas/Information_Survivability/MOA.html"> <HTML> <HEAD> <TITLE>MOA - Information Systems Security Research Joint Technology Office</TITLE> </HEAD> <BODY> <CENTER> <H3>Memorandum of Agreement<BR> Between<BR> The Advanced Research Projects Agency,<BR> The Defense Information Systems Agency, and<BR> The National Security Agency<BR>Concerning<BR> The Information Systems Security Reseach Joint Technology Office</H3> </CENTER> <H3>Purpose</H3> The Advanced Research Projects Agency (ARPA), the Defense Information Systems Agency (DISA), and the National Security Agency (NSA) agree to the establishment of the Information System Security Research Joint Technology Office (ISSR-JTO) as a joint activity. The ISSR-JTO is being established to coordinate the information systems security research programs of ARPA and NSA. The ISSR-JTO will work to optimize use of the limited research funds available, and strengthen the responsiveness of the programs to DISA, expediting delivery of technologies that meet DISA's requirements to safeguard the confidentiality, integrity, authenticity, and availability of data in Department of Defense information systems, provide a robust first line of defense for defensive information warfare, and permit electronic commerce between the Department of Defense and its contractors. <H3>Background</H3> In recent years, exponential growth in government and private sector use of networked systems to produce and communicate information has given rise to a shared interest by NSA and ARPA in focusing government R&D on information systems security technologies. NSA and its primary network security customer, DISA, have become increasingly reliant upon commercial information technologies and services to build the Defense Information Infrastructure, and the inherent security of these technologies and services has become a vital concern. From ARPA'S perspective, it has become increasingly apparent that security is critical to the success of key ARPA information technology initiatives. ARPA's role in fostering the development of advanced information technologies now requires close attention to the security of these technologies.<P> NSA's security technology plan envisions maximum use of commercial technology for sensitive but unclassified applications, and, to the extent possible, for classified applications as well. A key element of this plan is the transfer of highly reliable government-developed technology and techniques to industry for integration into commercial off-the-shelf products, making quality-tested security components available not only to DoD but to the full spectrum of government and private sector users as well. ARPA is working with its contractor community to fully integrate security into next generation computing technologies being developed in all its programs, and working with the the research community to develop strategic relationships with industry so that industry will develop modular security technologies with the capability of exchanging appropriate elements to meet various levels of required security.<P> NSA and ARPA now share a strong interest in promoting the development and integration of security technology for advanced information systems applications. The challenge at hand is to guide the efforts of the two agencies in a way that optimizes use of the limited research funds available and maximizes support to DISA in building the Defense Information Infrastructure.<P> NSA acts as the U.S. Government's focal point for cryptography, telecommunications security, and information systems security for national security systems. It conducts, approves, or endorses research and development of techniques and equipment to secure national security systems. NSA reviews and approves all standards, techniques, systems, and equipment related to the security of national security systems. NSA's primary focus is to provide information systems security products, services, and standards in the near term to help its customers protect classified and national security-related sensitive but unclassified information. It develops and assesses new security technology in the areas of cryptography, technical security, and authentication technology; endorses cryptographic systems protecting national security information; develops infrastructure support technologies; evaluates and rates trusted computer and network products; and provides information security standards for DoD. Much of the work in these areas is conducted in a classified environment, and the balancing of national security and law enforcement equities has been a significant constraint.<P> ARPA's mission is to perform research and development that helps the Department of Defense to maintain U.S. technological superiority over potential adversaries. At the core of the ARPA mission is the goal to develop and demonstrate revolutionary technologies that will fundamentally enhance the capability of the military. ARPA's role in fostering the development of advanced computing and communications technologies for use by the DoD requires that long term solutions to increasing the security of these systems be developed. ARPA is interested in commercial or dual-use technology, and usually technology that provides revolutionary rather than evolutionary enhancements to capabilities. ARPA is working with industry and academia to develop technologies that will enable industry to provide system design methodologies and secure computer, operating system, and networking technologies. NSA and ARPA research interests have been converging in these areas, particularly with regard to protocol development involving key, token, and certificate exchanges and processes.<P> One of the key differences between ARPA's work and NSA's is that ARPA's is performed in unclassified environments, often in university settings. This enables ARPA to access talent and pursue research strategies normally closed to NSA due to security considerations. Another difference is that while NSA's research is generally built around developing and using specific cryptographic algorithms, ARPA's approach is to pursue solutions that are independent of algorithm used and allow for modularly replaceable cryptography. ARPA will, to the greatest extent possible, allow its contractor community to use cryptography developed at NSA, and needs solutions from NSA on an expedited basis so as not to hold up its research program.<P> DISA functions as the Department of Defense's information utility. Its requirements for information systems security extend beyond confidentiality to include protection of data from tampering or destruction and assurance that data exchanges are originated and received by valid participants. DISA is the first line of defense for information warfare, and needs quality technology for detecting and responding to network penetrations. The growing vulnerability of the Defense information Infrastructure to unauthorized access and use, demonstrated in the penetration of hundreds of DoD computer systems during 1994, makes delivery of enabling security technologies to DISA a matter of urgency. <H3>The Information Systems Security Research Joint Technology Office</H3> This MOA authorizes the ISSR-JTO as a joint undertaking of ARPA, DISA, and NSA. It will perform those functions jointly agreed to by these agencies. Each agency shall delegate to the ISSO-JTO such authority and responsibility as is necessary to carry out its agreed functions. Participation in the joint program does not relieve ARPA, DISA, or NSA of their respective individual charter responsibilities, or diminish their respective authorities.<P> A Joint Management Plan will be developed to provide a detailed definition of the focus, objectives, operation, and costs of the Joint Technology Office. The ISSR-JTO will be jointly staffed by ARPA, DISA, and NSA, with respective staffing levels to be agreed upon by the three parties. Employees assigned to the JTO will remain on the billets of their respective agency. Personnel support for employees assigned to the JTO will be provided by their home organization. The ISSR-JTO will be housed within both ARPA and NSA, except as agreed otherwise by the three parties. To the greatest extent possible, it will function as a virtual office, using electronic connectivity to minimize the need for constant physical co-location. Physical security support will be provided by the party responsible for the specific facilities occupied. Assignment of the ISSR-JTO Director, Deputy Director, and management of other office elements will be made by mutual agreement among the Directors of ARPA, DISA, and NSA upon recommendation of their staffs.<P> <H3>Functions</H3> By mutual agreement of ARPA, DISA, and NSA, the ISSR-JTO will perform the following joint functions: <OL> <LI>Review and coordinate all Information System Security Research programs at ARPA and NSA to ensure that there is no unnecessary duplication, that the programs are technically sound, that they are focused on customer requirements where available, and that long term research is aimed at revolutionary increases in DoD security capabilities. <LI>Support ARPA and NSA in evaluating proposals and managing projects arising from their information systems security efforts, and maintain a channel for the exchange of technical expertise to support their information systems security research programs. <LI>Provide long range strategic planning for information systems security research. Provide concepts of future architectures which include security as an integral component and a road map for the products that need to be developed to fit the architectures, taking into account anticipated DoD information systems security research needs for command and control, intelligence, support functions, and electronic commerce. The long range security program will explore technologies which extend security research boundaries. <LI>Develop measures of the effectiveness of the information systems security research programs in reducing vulnerabilities. <LI>Work with DISA, other defense organizations, academic, and industrial organizations to take new information systems security research concepts and apply them to selected prototype systems and testbed projects. <LI>Encourage the U.S. industrial base to develop commercial products with built-in security to be used in DoD systems. Develop alliances with industry to raise the level of security in all U.S. systems. Bring together private sector leaders in information systems security research to advise the JTO and build consensus for the resulting programs. <LI>Identify areas for which standards need to be developed for information systems security. <LI>Facilitate the availability and use of NSA certified cryptography within information systems security research programs. <LI>Proactively provide a coherent, integrated joint vision of the program in internal and public communications. </OL> <H3>Program Oversight and Revisions</H3> The Director, ISSR-JTO, has a joint reporting responsibility to the Directors of ARPA, DISA, and NSA. The Director, ISSR-JTO, will conduct a formal Program Status Review for the Directors of ARPA, DISA, and NSA on an annual basis, and will submit mid-year progress reports between formal reviews. Specific reporting procedures and practices of the JTO to ARPA, DISA, and NSA will be detailed in the Joint Technology Management Plan. This MOA will be reviewed at least annually, and may be revised at any time, based on the mutual consent of ARPA, DISA, and NSA, to assure the effective execution of the joint initiative. Any of the parties may withdraw from participation in the MOA upon six months written notice. The MOA is effective 2 April, 1995.<P> <IMG SRC="http://www.ito.darpa.mil/ResearchAreas/Information_Survivability/sigs4.gif" ALT="Signatures of Dr. Gary L. Denman, Director ARPA; LtGen Albert J. Edmonds, Director, DISA; VADM John M. McConnell, Director, NSA; Dr. Anita K. Jones, Director, DDR&E; Emmett Paige, Jr., Assistant Secretary of Defense for Command, Control, Communications and Intelligence"><P> <P> <address> <HR> <A HREF="http://www.ito.darpa.mil/ResearchAreas/Information_Survivability.html"
Return
to Information Survivability Page</A> <BR> Direct comments concerning this WWW site to: <A HREF="mailto:Webmaster () ito darpa mil">Webmaster () ito darpa mil</A></address> </BODY> </HTML>
Current thread:
- IP: NSA/ARPA/DISA joint research office Memo of Agreement Dave Farber (Aug 01)