818Fl T mVllmaJU U eBOOli1W tiJOOW lrlllliV CBOl IW U woaimu WtilWflkt illlllil CE 'il0110CD £u WOl1 il0 Non - Responsive ' I coMSEC SIGINT RELATIONS U ••• •• •••• • David G Boak •• •••••• • •• •• l A SOMEWHAT LARGER PROBLEM U • • • ••• •• Wayne E Stoffel •• • ••• 7 rLASSIC CABl B rm • NSA-CROSTIC NO 24 I U •••••••••••••••••••••••••• D H W• • •••••••••••••• • ••••• 14 11• • 8 - • • • 111• ft 016 OCRMEPRP If tffPit I INRff r B W JL EC T Dec lassified and Approved for Re lease by NSA on 12-09-2021 pursuant to E O 13526 MDR-111125 Published Monthly by Pl Techniques and Standards for the Personnel of Operations VOL VI No 4 APRIL 1979 _ _ -· - r r - A U f I Non - Re sponsive 1• 6 - - iyi- _ -- _ _ _ L ___e-- - r lwllll' lllllill COMSEC SI GlNT Relations David G Boak s Last 'NoVllfflbllZ'• David Boak Special Aeeietant to ths Deputy Direoto r fore Conrmmicatione StJCUl' ity NSA J • • F••ented an addNss on the status of CONSEC today to the mtllnbtnos of the Conmunications Anatyeis Association CRYPTOLOG is p't«ul to be able to pass Mr Boak'• obsnvationa on to a i n cl81' audienoe U EO 3 3b 3 PL 86-36 50 USC 3605 • • • - the good old Klr-7 the o cipher machine we have J et't that looks like cipher machine--the only one that's aex y at au - he easiest way to describe COMSEC is • say that it counters SIGINT Qup to job in Sis toinfnistrate the SIGINj -the - -SIGINT - - -world --• - - from --- -sources ---• professionals hostile governmeats and•soae other Another way of looking at COMSEC But by and large i was catch-as-catch-can perhaps a more positive one i to We assumed the worst about that threat and did answer the question What's it for • In a the best we could to cope with it in an unnutshell I think that what COMSEC i f for is structured way to help the gove1 11111ent achieve surpl'ise Now But we began to realiz e that our COMSEC I don't just mean the classical military tacassets were finite aad that we had to allocate tical and strategic surprise alt llough of course that's crucial-but technological and the resources people and 11achinery as well diplomatic surprise as well • •• as new developments to optimize our position against the threat And the better we could I believe that the SIGINT element of the define it the bette r we could get the right national intelligence co1111tuolty remains the pre-eminent one And the reason I do is that systems to the placei where we were hurting SIGINT pi ovides to our d ision makers the the most Therefore we built an entire most timely most authoritative most accurate division with a speciofic mission of determin and often unique infotmation those decision ing what we're up gltinst helping us assess 11 akers get about what ihe other guy is going what that meant to ul helping with our to do before he does •it And that's equally plans and our prion ¢ zations We could important for a cogtany c0111111ander someone then begin to alloca such assets as we had negotiatinil Position a weapons system on an educated basis • planner or-increasingly often these daysHere's a brief oj erview of what that someone involved in worldwide economit wargroup has developed ic e the domifare Denying comparable ·foreknowledge is what nant threat we face COMSEC is for There are a few examples where _ _ _ _ _ _ _ __ we can demonstrate that a modest handful of COMSEC devices saved tens of millions of dollars in support of big operations and some dismal instances in which we can show that the lack of CO EC cost many lives I suggest therefore that it is an excellent investment U oo Now let's see what we're up against in trying to do that job The 2'hzoeat Until the early 1970s this Agency had no coherent comprehensive picture of what COMSEC was up against We had fragmentary infonation We got some of it from April 79 CRYPTOLOG Page 1 Ill TI a a z a mm _ um --·-· - I 3 3b 3 86-36 50 USC 3605 PL 86-36 50 USC 3605 2S0 of those are in R Rl is our heart and soul for the invention and the initial desip of all the crypto equipment we build for the overmaent The balance 1550 or so people are in S Sand Rl act as friendly adversaries with R inventin what we are going to use and our own -• ________ s oo At the core of all these people is a set of highly professional disciplines notably cryptomathematics engineering and computer science The SIGitn'-oriented reader will note that except for linguists we are competing for and using the same kinds of key personnel resources M CTyptomathematics is obviously the heart of the whole assessment proc•ss for modern cryptosystetas I'll get back to them shortly our need for engineeTs particularly electronic engineers is obvious They are responsible for putting out cipher machines the best in the world literally in tens of thousands of copies -• lfe need computer scientists for at lea t three reasons The first and perhaps not so obvious one is that every modern key generator cipher machine that we've fielded since the late 1950s can be viewed as not much aore than a special purpose hard-wired computer with some programabillty or variability to permit setup and change of keys An W derstanding of the c0111pUter process is essential to the design and eval on of the systems themselves M Secondly computers turn out to be second only to brains in their illJ Ortance to us as tools in the analytic process and we use them extensively for that J Ul'pose -tit And finally in support of the cryptosystems we have worldwide is an enormous body of keying 111 terial literalty mountains of it which in fact has at its base computer generation And we have a computer essentially dedicated to just doing that job• Now what actually do all these brains produce Let's have a quick look at our pro- duct line the cioher machines we've alreadv a ot I • The Rs po1111s What have we got ranged • against these threats Our COMSEC manpower • 1s about eighteen hundred all told About •1 -------------------- 1 1 April 79 CRYPTOLOG • Page 2 EO 3 3b 3 PL 86 - 36 50 USC 3605 SECDII 311 Di I I I II II 112 S S cttSi --------- --I ------ 81e•• PL '86-36 50 USC 3605 • EO 3 3b 3 EO 3 3b 3 PL 86-36 50 USC 3605 PL 86-36 5 0 USC 3605 • I 1 one system old I L-'7 bears special mention for two reasons First of all it's the only one te have left that looks like a cipher machine it•s the only one that's sexy at all All the others are just plain boring to look at More importantly the design for this crystalized in 1948 It got fielded in 19S4 in ome 2s 000 copies This old bear is still in pse today and we don't intend to phase it put until 1983 We expect the last message enciphered by that aachine will remain secure iagainst hostile cryptanalysis for five to en years after that This is a prime exaaple of the tre'lllendous longevity of some of 0111' machines I point it out because I feel it justifies he highly conservative standards that we nave imposed fOT acceptance of any high grade cipher machine No changes have been lllade in the logic of the KL-7 since its in'ception and we still think it is invulnerable to cryptanalysis without knowledge of its keys l'Otor wirings or stepping patterns An examination of other newer machines • shows them to be progressively smaller faster and 1110re efficient They include •specialized highly reliable equipment for use in space Some of these little boxes may cost as much as $40 000 a copy That's 0 • kind of expensive But then the first se• cure voice devices built cost a cool one •IDillion dollars each So we're getting some• where in keepin1 costs down Also coming down • the aite M1'6hl bl our ul t late so far - t he goOA Many of you have used the lY-l Autosevoco• system Perhaps you don't know that when you pick up that phone to ulte a call it ro•support a 1 1• t pr ' s•e• ' mac 'hin ' ' - •w' ' e ' ha v•e• a' ' automatically checks every critical alarm 85 • lar1e oraaniiation puttinl out keyjn1 materials circuit in the sr-5t• I there's any failure • and many codes and manual ciphers as well To that P jeopard ze S11CU1'1 ty the system shuts • get an idea of the ma nitude of the oDeration down and you can t co plete the call It does that in the •tter of a fev liilliseconds • • • • • • • --- -• Our ultiute in alani philosophy is perhaps the ltW-37 used in the ·U S Navy's FOXTROT • broadcast system Here •• use a transmitte-r • with three identical key generators All are • _ _ _____________ _ _ _ __ _ set up keyed and started simultaneously and • I 've mentioned 1800 or so people soae all three generator outputs are mtched against great technical specialties a bunch of cipher each other Unless at least two of these • machines and counue·s s manual systns What streams match exactly the system shuts down • do they do for us How do _ •The third one can then be pulled out fixed • against that rather aweso1Del and put back in without interrupting commu• capability described earli lrr - - - - - - -1 w-il - ·1 · 111i-·· -- · •-To appraise our post1tte think of yourself for a ll'IOllent as a 111e111ber1 f a foreign SIGINT organization You•ve ass igned to the job of exploiting U S colUllnications I'm going b en EO 3 3b 3 PL 86-3 6 50 April 79 use 3 605 CRYPTOLOG • Page 3 IIIIRIT ----- ' -- -- -----• EO 3 3b 3 Iii PL 86-3 6 50 USC 360 5 I II 5 EO 3 3b 3 EO 3 3b 6 PL 86-3 6 50 use 36 05 HBMRBT EO 3 3b 3 PL 86-36 50 USC 3605 • in the field from switc '•h uchines TOl stationsl - ---- n - · · ---- Unlike the SIGINT world we have a c l osed system When et done with stuff we destroy • it usually 1 So we don't have iJie pfFblem with our prdiuct that • you have with yours of sending out iaozens or • hundreds of copies and having them merged • massaged redisseminated and then fil'ed for • months or years afterwards wlnerable all that • time • • we 0 • • • • ' 0 Part of the difficulty of course is that collllllUJlications keep growing We keep being behind that power curve It is estimated that the amovnt of communications in this country doubles ievery five years Every time we start pumping out more cipher machines communicators get ff re capacity and we need still more cryptograplay CU It's ivery tough problem The sheer magnitude of t t t requirement adds to the difficulty of finding cheap effective wide-spread lVl s c a re s u_s_e_v_en-mor--e- S o-mu-c h_s_o_ -i-nf' a_c_t_ -tha_t_ voice security in the 196Os we began to say we've got to find fU Well after a downer like that let's some technical solution to this problem of the see if there's bright side accessibility of our keys to better than 140 000 Ill -First of•all for record collllllUnicapeople We came up with the concept of remote tions virtually 'all are covered where classielectronic keying where we could set up cipher fied traffic is ith olved It's not a problem April 79 • CRYPTOLOG • Page 4 •1 PL 86-36 50 USC 3605 1 •I ouonu for us and hasn't been for about 10 or 12 vears __ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 'Ill PL 86-36 50 USC 3605 F munity has made to the govertfment as a whol in the last decade was the GINT discovery of North Vietnamese foreknojledge of USAF ARCLIGHT B-S2 raids •• • _ SIGINT illuminated a t' ff net which • JQ was passing warnings well advance of wN n and where these strikes woold be we It• was good strong hard evidence which was tti n used for briefings in the P'lmtagon to the iJCS • -Physical security apart from the reand DIA as a result of 'fh ch the first oper• mote electronic keying coming down the pike in ations security OPSEC prpnization in our• • our next generation of equipment is advancing government was established •• •Weare ill proving the packaging of many of our _ The Pentagon actuaJ1y shook loose li • • keyine aaterials to make them tamper-resistant • d h f ha pulling hen's teeth sQllle 22 billets for the • or to give us the means to etect t e act t t CINCPAC staff includiRg 90me senior people• • someone in the pipeline has gotten at them So from our own Agency to• go -out there and catt •_w_e_'r_e_ma_k_in_a_s_om_e_pro __ rr_e_s_s_th_er_e_ _ _ _ _ _ out this OPSEC method•i°'logf It involved lo k - ing at the security e velppe around all our · operations seeing where the holes were an•• plugging them 1 suggest- that in the course of that war it was ne f1f the few_bright • • spots in an otherwi1e difmal security recorf • _ The methodololl ' was•great It enhanced operations out the e it saved equipment an8 • ordnance it saved live It impressed the • __ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ JCS so IIIUCh that they e tablished their own -Lying behind this is a tremendous inOPSEC organintio11 most of the other CINCs• • •fusion of money and effort-on the order of did likewise No all the services are • • • $1 3 billion over the next few years That's using this technlque a d OPSEC is a common • • big money for us just for sheer procurement word In fact we havi a IIIOdest OPSEC capa - • • Df hardware That 1 -s-a'6out quadruple the exbility in NSA i elf hich I'll mention • penditures we've ever made in a comparable shortly • • • • ime period before As a result of this we - The SIGINT side of the Agency also hel s • •hre going to more than double our inventory by us through sha ina of 1ssets particularly • •ihe mid-80s Our estimate is that there are compu e q t afford the vast • • going to be over S00 000 cipher machines out there by 198S if things continue to go as t • he u don• t believe we could r•a -h - • hey're aoing now •••i---1 i - -r hat h _vel OK let's get to the specifics of how we 40 about this job how we evaluate these sysI ems get them out and learn about our ene• tiles One key to the effort is the kind of nteraction that has been going on in this kency between COMSEC and SIGINT our assoriation is a S 'llbiotic one with two separate e 'ganisms living in close harmony and inter• d pendence with each producing something the ther can use to the mutual benefit of both • 2ll l r I uli i ft ft ft- 0 I I I • • I I • • I I • ' I I _ _ I think that among the biggest overall urity contributions that theJIGINT com- - _ EO 3 3b 3 • • • 'Jel tpd artict For of th I • see Pursuit 1-'§1P1 'll S • _ _ _ _ _ 1n CRYPTOLOG • 4 Mar 1 • • an • of the aost di•ying aspects of I s situation was • that of the operations exulned throughout tfuit ater fully tlilO thirds-perhaps as IUUIY as three-fow ths-of all the_foreknowledge indicatcars that the enemy were getting were from•our own collllllUJ ications Q insecurities April 79 • CRYPTOLOG Page 5 f J •------------ EO 3 3b 3 PL 86-36 50 USC 3605 PL 86-36 50 USC 3605 -' - · 8118RBf ____ _ _ __ - - --- - ------- -- ll il- 11 - ' ' _ _ _ _ ·- ·- -·· -•_ ___ ____ W- - -• i'I - -- - ----- - ---·· IDIBIJ• -- To be on the safe side we try to anti- • cipate future crypto-mathematical break• throughs and accommodate possible jumps in COlllputer power and still have a aargin of • safety NSA is an image of what we think an • • enemy might look like if he's Jood enough A knowledge of NSA's capabilities and procedures • helps us in deciding how high to set our stan- dards • • • • • • • • • • • • • • • • ContinMtld on rxzR8 18 • • • • EO 3 3b 3 EO 3 3b 3 PL 86-36 50 USC 360 5 PL 86-36 50 US C 3605 April 79 • CRYPTOLOG •Pase 1111111 2 PT 97 •rt PM UUflll WIIB - A Logioa7 Sequd to A Sma1 1 PJ'Obl mn CRYPTOLOG N01J61Tlbe'l' 19 8 ASomewhat Larger Problem U By Wayne E Stoffel Pl4 For the Crypto-TTaffic Analytic Special Interest Group • • • • • • •• • • • · • 't • • • •·· Arril 79 CRYPTOLOG Page 7 ··-------------1 EO 3 3b 3 PL 86- 36 50 USC 3605 88 tfilJDlfQIML ------------------------ -- ·-- 111L IZ a sosma SJ£bttiilZ OlSI · •· I GLORE I bl Odil GLAIIIG CARL B I zl• 1d •• ·n··· •·1 I• ·••p F •r·•1 · - - •• • • •• ·- •_ _•_• •• • _• •• •-1 1• U __• a••-•-• •_•• • • ••_•_•_••_• •• • •--••-•-•--•• _• •_ • •• •z • • • •• •• • - Hot as well known perhaps as lili rphy' s Law but no less valid is Hill's Axiom of Cable Analysis T1l8 1 aspczra-UOn of the oab'L• dztafts1' ia d-lnotl y 'PJ'Oporticmat to ths DPllber r f H 8Nr14• IIIHlltU 88 aited I • EO 3 3b 3 PL 8 6-36 50 •• April 79 • CRYP'IOLOG Page 8 •M iY J ' M - a - '· · · • · ' ''' • • QRODII• 8P8 B use 3605 UNCLASSIFIED April 79 CRYPTOLOG Page 9 -N_o_n___R _e_s_p_o_n_s_i_v_e I UNCLASSIFIED - - ------ ---- --' _ ·- -- --- ----· • ------- UNCLASSIFIED April 79 CRYPTOLOG Page 10 UNCLASSMED I Non - Responsive I d ·1 UNCLASSIFIED l • l April 79 CRYPTOLOG • Page 11 UNCLASSIFIED I---------·I Non - Re sponsive J ft • 1-·- -· l - - · ----''---- - - '-· '··• -- ·•· -- r- •_ I ·- UNCLASSIFIED April 79 CRYPTOLOG Page 12 UNCLASSinED I Non - Responsive I UNCLASSIFIED I April 79 CRYPTOLOG Page 13 UNCLASSIFIED i-N-on---R-e-s p_o_n_s_i_v_e I• UNCLASSIFIED 1 ··· ••• ··•• I -N SA-erostic No 24 cu ay b H W M RDS Dl FINITIONS April 79 CRYPTOLOG Page 14 I UNCLASSIFIED 1 Pen ••••••• ••• ••- __ J PL I 86-36 50 USC 3605 I I PL 8 6-36 50 use 3605 I UNCLASSIFIED I •• I 1• · - - I April 79 • CRYPTOLOG • Page I UNCLASSJftED PSR 9Plll91M ------- · • - • - - _l • •- - - - A- _ • a ___ _ UNCLASSIFIED April 79 CRYPTOLOG Page 16 UNCLASSIFIED I Non - Responsiv e f I 8181111 Non - Responsive I _ Ji __ - r- ______________________________________________ · • · _ - April 79 CRYPTOLOG Page 17 iillJfilRI• aa su - ___ __ f th CCI Sh 0$221$U- JtCL to EO 3 3b 3 PL 86-36 50 USC 3605 tJIHIRM 3 3b 3 PL 86-36 50 USC 3605 •• helpedmore aakel lactivl ties sec u r e l•________ _ ____ J Conti nutld fl'Offl page 8 ------ ------------ 1 • __ Finally I did mention that we have an • OPSE capability We've been using that • capapilitv in Son behalf of NSA fundament- uu We think that we have _ One final thought I think that in the last ten or fifteen years the st salutary thing that I've seen happen in tens f or1ani%ational relationships has been the wing trust between cor-5EC and SIGINT We used to be at am's length and that's not happenin1 an 'IIIOre In fact we have integrated into the COMSEC process more SIGINT professionals in the last six or seven years than in the entire history of this Agency COMSEC belatedly came to realize that SIGINT peop have some bnins after all and could do L 86-36 50 USC 3605 1 obs well-and that has oroven ou • I I can only 'h -o_p_e_t- - h a ' t-t h e-p-eo-p 'l_e_o- t- th e S I G INT ' side share my perception that the benefits are reciprocal SIGINT job harder and take •re people and other assets to sustain our present level of success But the consensus I see is that the • •• •i••iftl•li iWIPIRi JA'lftL i11 111ti11 I problem is not an insuperable one Q What about TEMPEST The ascendency of the Department of Commerce in this field resulted from a presi• A TEMPEST-which is the Agency's term to dential directive which established two Exec identify potentially compromising eunations utive Agents in the government for tele mu• from our own electronic equipment-is a nications protection one which has to do • matter that I feel is reasonably well in with the protection of national security •• c c ----- t hand as a COMSEC m-oblea as far as our related information-this is NSA actini for the Secretary of Defense and one for the pl'Otection of information not related to pational sec ity-tbis is the Department of Fol lob i ng hi• tat 1c Nzt Boak anl JWfll'ed • qu stiorui from ths f1 oott r•i• pa••••• Colillerce The action el -nt in CoaeNe is a new organization the National Teleeoaamications and Inforaation Adllinistration with whoa we are now in active negotiation on how to share this load We have soae concerns of course Are they for example goin1 to create an ' independent cryptanalytic organization Are ' ' they going to do independent R 6 Din cryptography And if so under what kinds of security controls ______________________ Overall however we are becoming acclimated to one another and the Director is en Q What are your views on the extension of suring that we remain highly cooperative and cryptography in the public sector and the supportive of them •initiatives of the Department of Comerce A Frankly l • not overly concerned I Q Do you anticipate that the S organization rthink some of us may have overreacted to the will establish a viable ELINT security EI SEC •surge of activity out there and some of the progru blicity we 1ot with -respec_t to it I think A We have wrestled with that matter for a Dost of my SIGINT friends now believe that it long as I've been around We have not solved is not going to be the end of the world it For a while we thought of caUin1 wr learly though as mbre and 110re sophistiselves SIGSEC instead of C MSEC thus sol ated knowledge about cryptography is prolifving the issue with improved n011eDclature '8rated in public it is going to make the ' April 79 CRYPTOLOG • Page 18 EO 3 3b 3 PL 86-36 50 use 3605 1011111' aa ssa a ss I I I I PL 86-36 50 USC 3605 EO 3 3b 3 PL 86-36 50 USC 3605 lli llil 1 But it is tt Ue that we have no coherent El SEC We will offer them techni al advice and assisteffort beaause we have been unable to define ance on how good such sysJenis are it very w l Yet those definitions are imQ We seem to be with cd'llputer security where portant in establishing roles missions and we were with TEMPEST ten years ago What are authoritie' I The Army for example used to your thoughts on where e are going in that call telemetry a non-coanunications signal area • and referred to its protection as El SEC-a part of electronic warfare-and not within NSA's jurildiction We've largely solved that particj lar issue but have not yet gotten h 1 i -c · t l n 1 eein tried to in • that if a cryptographi technique is involved regardless of the purpose of the signal we should be in the act But I'm afraid that's not really a very satisfactory answer Q Will NSA establish a national CCNSEC assessment program for equipment other than that we build ourselves A I hope not lt's a very difficult thing If some of the equipment being produced commercially is going to be adopted by elements of the government _l believe we must have some role in its certification or validation But I believe the way we go about that if the equipment is not to be used for national security purposes will have to be through the Department of Co1111erce as their new mission gives them jurisdiction over such applications April 79 • CRYPTOLOG • Page 19 ··- 2iiiilil It 1277 17 t $St 133 C Fit ti7P57 I I _ _ · - - -- -- -- - - - -- - -- - - - - - - - -- - - -- ---- __ J No n - Responsive I O8 fJflDIIH•Mi April 79 • CRYPTOLOG Page 20 I Non - Responsive ll-Nu 79-SJ-2124' I I Non - Responsive IICAli' I • • • • 11111 B88 l IFI 181FIAIN18 IIB IR lal lll1t• M• IEeRIT - -- - --- - - - - - - - - - - -- - - - - - - -- - - - - -- - - -