Cryptographic Modernization Program
|This article needs additional citations for verification. (February 2008) (Learn how and when to remove this template message)|
The Cryptographic Modernization Program is a Department of Defense directed, NSA Information Assurance Directorate led effort to transform and modernize Information Assurance capabilities for the 21st century. It has three phases:
- Replacement- All at risk devices to be replaced.
- Modernization- Integrate modular (programmable/ embedded) crypto solutions.
- Transformation- Be compliant to GIG/ NetCentric requirements.
The CM is a joint initiative to upgrade the DoD crypto inventory. Of the 1.3 million cryptographic devices in the U.S. inventory, 73 percent will be replaced over the next 10 to 15 years by ongoing and planned C4ISR systems programs, Information Technology modernization initiatives and advanced weapons platforms.
All command and control, communications, computer, intelligence, surveillance, reconnaissance, information technology and weapons systems that rely upon cryptography for the provision of assured confidentiality, integrity, and authentication services will become a part of this long-term undertaking. The Cryptographic Modernization program is a tightly integrated partnership between the NSA, the military departments, operational commands, defense agencies, the Joint Staff, federal government entities and industry.
The program is a multibillion-dollar, multi-year undertaking that will transform cryptographic security capabilities for national security systems at all echelons and points of use. It will exploit new and emerging technologies, provide advanced enabling infrastructure capabilities, and at the same time, modernize legacy devices that are now operationally employed.
The program also directly supports the DoD vision of the Global Information Grid. The security configuration features enable new cryptosystems to provide secure information delivery anywhere on the global grid while using the grid itself for security configuration and provisioning—total seamless integration.
Most modernized devices will include both Suite A (US only) and Suite B support. This allows for protection of sensitive government data as well as interoperability with coalition parters, such as NATO. The program includes the DOD's Key Management Initiative which is designed to replace cumbersome special purpose channels for distribution of cryptographic keys with a network-based approach by 2015.
The NSA has also led the effort to create standards for devices to prevent vendor lock in.
- High Assurance Internet Protocol Encryptor (HAIPE)
- Link Encryptor Family (LEF)
- Secure Communications Interoperability Protocol (SCIP)
The modernized devices that are being built usually include the ability to add to or replace the current algorithms as firmware updates as newer ones become available.
- Leveraging Cybersecurity - Interview with Daniel G. Wolf - Military Information Technology
- Security Guide: Operationalizing the IA Component of the GIG - Richard C. Schaeffer Jr. - Military Information Technology
- Allen Walton "Army Key Management System 2007 update". Army Communicator. Fall 2007. FindArticles.com. 21 Aug. 2008.